Ad
Ad
Ad
Pages: [1]   Bottom of Page
Print
Author Topic: Adobe Cloud Hacked.  (Read 5799 times)
Marlyn
Sr. Member
****
Offline Offline

Posts: 253


« on: October 03, 2013, 09:42:28 PM »
ReplyReply

Welcome to the "cloudy side" huh.    
All your data is safe with us in the 'cloud'.

Perhaps not !!

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/

http://www.smh.com.au/it-pro/security-it/adobe-hacked-customer-data-source-code-compromised-20131004-hv1wl.html


From their release:
"Unfortunately, the attack on Adobe also compromised customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."


Not such a bright idea after all....

Regards

Mark.
« Last Edit: October 03, 2013, 09:47:16 PM by Marlyn » Logged
BernardLanguillier
Sr. Member
****
Offline Offline

Posts: 8080



WWW
« Reply #1 on: October 03, 2013, 10:15:04 PM »
ReplyReply

On the other hand, they don't have 2.9 millions users in CC per their own claims...

This means that this hack is not related to the move to CC, it must cover many users having ordered through Adobe site or using other cloud services.

This appears to be more of an e-commerce mishap than a real cloud one, but I could be wrong.

Cheers,
Bernard
Logged

A few images online here!
Wayne Fox
Sr. Member
****
Offline Offline

Posts: 2859



WWW
« Reply #2 on: October 03, 2013, 10:16:06 PM »
ReplyReply

While regrettable, I can't see how this is related to "the cloud".  Adobe's customer records really do not have much to do with the cloud.  Yes, those who are cloud subscribers are part of that, but so is every other customer who has purchased their software directly from Adobe (which is a majority).
Logged

Isaac
Sr. Member
****
Offline Offline

Posts: 2833


« Reply #3 on: October 04, 2013, 01:25:50 AM »
ReplyReply

   All your data is safe with us in the 'cloud'.

"Creative Cloud is hosted on Amazon Web Services"

pdf Adobe Creative Cloud Security FAQ for IT

Logged
BartvanderWolf
Sr. Member
****
Offline Offline

Posts: 3684


« Reply #4 on: October 04, 2013, 04:35:26 AM »
ReplyReply

While regrettable, I can't see how this is related to "the cloud".  Adobe's customer records really do not have much to do with the cloud.  Yes, those who are cloud subscribers are part of that, but so is every other customer who has purchased their software directly from Adobe (which is a majority).

Hi Wayne,

I used to purchase my licenses from local Gold certified Dealers, and thus reduced the likelihood of being targeted by such attacks. A big fish like Adobe is a much more attractive target for attacks. Last year's upgrade to a boxed version of Photoshop CS6 was unavailable via the Dealer channel (multiple week expected delivery times, rescheduled to unknown delivery time), so I was forced to purchase direct from Adobe, delivery was within 48 hours ...

And yes, this morning I also received an email from Adobe that my password required resetting, even though I am not a Cloud subscriber. So those who created an Adobe ID and supplied Credit Card details for the subscription fee may now also be impacted. Credit card transactions will require closer monitoring by me from now on, as if I had nothing better to do.

Cheers,
Bart
« Last Edit: October 04, 2013, 04:42:09 AM by BartvanderWolf » Logged
Ken Richmond
Jr. Member
**
Offline Offline

Posts: 70


WWW
« Reply #5 on: October 04, 2013, 04:40:50 AM »
ReplyReply

The Adobe Cloud is accessed with the same password used for Adobe Program Manager/purchases.  More importantly, this notification  attempts to shift the burden of loss to the subscriber, "...We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.  (Not to be cynical, but this is Adobe's creation of a "safe harbor".  They really didn't need it, because of the non-negotiable waiver's of claims this monopoly imposed on subscribers who gave up access to their banks)

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future."

So...having used a credit/debit card, with auto deductions for Adobe CC and several other "subscriptions" like Verizon,  Apple,  does anyone have a recommendation as to how many times each day I should check that particular account?  I could destroy that account and open a new one, then notify other service providers of a new account number after receiving a new card.  

No problem.... no problem at all

Ken Richmond
  
Logged

SunnyUK
Full Member
***
Offline Offline

Posts: 158


« Reply #6 on: October 04, 2013, 05:09:29 AM »
ReplyReply

It's a general problem with e-commerce. We are now encouraged to leave our credit card details with dozens and dozens of e-tailers, without knowing anything about how they protect our details (or not, as the case may be). They should employ the same level of security as merchant banks, but I think we can take it for granted that they don't. That's a problem.
Logged
Morris Taub
Sr. Member
****
Offline Offline

Posts: 369



WWW
« Reply #7 on: October 04, 2013, 05:22:48 AM »
ReplyReply

On the other hand, they don't have 2.9 millions users in CC per their own claims...

This means that this hack is not related to the move to CC, it must cover many users having ordered through Adobe site or using other cloud services.

This appears to be more of an e-commerce mishap than a real cloud one, but I could be wrong.

Cheers,
Bernard


don't know if it means anything or not, but i haven't subscribed to anything CC and received the adobe customer care email with their security alert...

i have an account to update software purchased over the years via amazon, etc., boxed versions of photoshop and lightroom, indesign, illustrator,...that's it, but info is on adobe servers, my name, a password,...

still thinking about trying the photoshop/lightroom offer for 12.50 euros a month...it's a low price, but damn, customer service hasn't been an adobe strong point...and again, hate the gun to head attitude, do it by 31 december or the deal's off the table...hmmm, sorry to get off subject a bit, but this security thing, lack of, is something to consider...

Logged

azmike
Newbie
*
Offline Offline

Posts: 30


WWW
« Reply #8 on: October 04, 2013, 11:03:01 AM »
ReplyReply

I am a CC subscriber.  In September there were 4 fraudulent charges ($7000 total) on my card that was on file with Adobe.  No way of knowing if Adobe's data loss is related, but I would encourage other CC subscribers to change their card number on file with Adobe.  Just today I got an email from Adobe saying they had a little problem!
Logged
Isaac
Sr. Member
****
Offline Offline

Posts: 2833


« Reply #9 on: October 04, 2013, 11:16:36 AM »
ReplyReply

It's a general problem with e-commerce. We are now encouraged to leave our credit card details with dozens and dozens of e-tailers, ...

"PayPal ... The service gives people simpler ways to send money without sharing financial information..."
« Last Edit: October 04, 2013, 11:19:11 AM by Isaac » Logged
Wayne Fox
Sr. Member
****
Offline Offline

Posts: 2859



WWW
« Reply #10 on: October 04, 2013, 03:20:25 PM »
ReplyReply


So those who created an Adobe ID and supplied Credit Card details for the subscription fee may now also be impacted.

I guess I see that the other way around.  Adobe's Creative cloud was not hacked (as implied by the title of this thread).  Adobe's customer records were hacked.  Which means all of Adobe's customer could have been affected, and whether they were part of the cloud or not isn't really part of the equation. Obviously some of them were because there is a decent percentage of adobe customers who are also Adobe CC subscribers.  Adobe does not maintain a separate registration/site/system for Cloud members outside of the normal Adobe ID membership they've had for a long time.

As mentioned there were far more customer records hacked than adobe currently has subscribing to the cloud.
Logged

daws
Sr. Member
****
Offline Offline

Posts: 268


« Reply #11 on: October 04, 2013, 05:08:38 PM »
ReplyReply

Customer accounts weren't all that was hacked.

From cnet:

Quote
Adobe announced on Thursday that it has been the target of a major security breach in which sensitive and personal data about millions of its customers have been put at risk.

Brad Arkin, senior director of security for Adobe products and services, explained in a blog post that the attack concerns both customer information and illegal access to source codes for "numerous Adobe products."

A few examples include Adobe Acrobat, ColdFusion, and the ColdFusion Builder. However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."

Adobe officials added that the investigation has not turned up any zero-day attacks either.

Unfortunately, the culprits have obtained access to a large swath of Adobe customer IDs and encrypted passwords.

Arkin specified that removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.) about approximately 2.9 million Adobe customers.

He added that investigators don't "believe the attackers removed decrypted credit or debit card numbers" from Adobe's systems.

While federal law officials are involved, Adobe stressed that there are some precautions that customers need to take action on now.

Adobe is resetting the passwords on breached Adobe customer IDs, and users will receive an email if they are affected. The software giant is also currently notifying customers whose credit or debit card information was exposed.

Adobe has also promised to offer these customers with the option of enrolling in a one-year complimentary credit monitoring membership where available.
Logged
Manoli
Sr. Member
****
Offline Offline

Posts: 614


« Reply #12 on: October 04, 2013, 05:17:11 PM »
ReplyReply

Adobe's Creative cloud was not hacked (as implied by the title of this thread).  Adobe's customer records were hacked.  Which means all of Adobe's customer could have been affected ...

Well that raises an interesting issue. In the UK, I believe it is unlawful to maintain details of a credit card once the transaction has been completed, unless it is an ongoing account arrangement, as an Amazon account would be for example. I've lost count of the number of times I've had to re-supply my credit card details when ordering products or services by phone, from companies I've already dealt with (on numerous occasions). My card details are never kept.

I have always upgraded Photoshop via phone with Adobe (UK). If they kept my credit card details on file once the  transaction was completed, then that would be contrary to UK law notwithstanding that the details were kept outside UK jurisdiction.

In fairness, I should say that up to today, I have received NO notification that my details were compromised by this latest event. Doesn't make me warm to the concept of the CC though, particularly as Adobe are insisting on monthly payments AND are refusing to accept annual payments in advance ...
« Last Edit: October 04, 2013, 05:24:57 PM by Manoli » Logged
PierreVandevenne
Sr. Member
****
Offline Offline

Posts: 510


WWW
« Reply #13 on: October 05, 2013, 05:42:44 PM »
ReplyReply

Frankly, Adobe's communication is basic ass covering.

Both customer information and source code were compromised. Unless Adobe has a single computer near a kitchen sink where it stores both customer information and source code, this indicates the compromise was extensive and probably lasted for a little while.

No added risk to customers, maybe not. But added risks for everyone given how frequently Adobe products have been exploited in recent years, source code availability will definitely not make vulnerability research harder.

No zero days used in the attack? Sounds "reassuring" but is actually the opposite: the fact that they were extensively compromised without advanced exploits doesn't reflect well on their security practices.

No decrypted customer info extracted from their network? Strictly speaking, that leaves the possibility that encrypted data and the decryption keys were exported and that the decryption occurred elsewhere, on the attacker's computers for example ;-)

BTW, it is not unusual for credit card companies to inform companies that they may have been hacked: when they see waves of fraudulent charges on new batches of compromised cards, they can correlate the data they get, for example when CC use in a single store or vacation town is the common point in a batch of abused cards...
Logged
Wayne Fox
Sr. Member
****
Offline Offline

Posts: 2859



WWW
« Reply #14 on: October 06, 2013, 01:22:13 AM »
ReplyReply

Well that raises an interesting issue. In the UK, I believe it is unlawful to maintain details of a credit card once the transaction has been completed, unless it is an ongoing account arrangement, as an Amazon account would be for example.
I haven't read any where that every customer record and password that was compromised included encrypted credit card information.  Adobe probably has many (maybe even the majority?) of it's users who create an account to register their software who do not buy directly from adobe and have never given Adobe a CC number.  And perhaps as you stated even if they have purchased from Adobe, in some countries Adobe cannot store that information.

From what I've read it sounds like the passwords and CC numbers retrieved were encrypted.  The ability to decrypt those is pretty daunting.  So perhaps they really didn't get that much.  Sounds like the real damage here is Adobe's PR which was already having some issues.
Logged

ErikKaffehr
Sr. Member
****
Online Online

Posts: 7497


WWW
« Reply #15 on: October 06, 2013, 09:49:26 AM »
ReplyReply

Things like this happen, time to time. This is a risk you take any time you pay anything with a credit card.

Best regards
Erik


I haven't read any where that every customer record and password that was compromised included encrypted credit card information.  Adobe probably has many (maybe even the majority?) of it's users who create an account to register their software who do not buy directly from adobe and have never given Adobe a CC number.  And perhaps as you stated even if they have purchased from Adobe, in some countries Adobe cannot store that information.

From what I've read it sounds like the passwords and CC numbers retrieved were encrypted.  The ability to decrypt those is pretty daunting.  So perhaps they really didn't get that much.  Sounds like the real damage here is Adobe's PR which was already having some issues.

Logged

Morris Taub
Sr. Member
****
Offline Offline

Posts: 369



WWW
« Reply #16 on: October 10, 2013, 12:47:32 AM »
ReplyReply

received another email from Adobe this morning, 'important password reset information'...asking me to reset my password, again...is this for real?...twice in a week?...
Logged

Farmer
Sr. Member
****
Offline Offline

Posts: 1631


WWW
« Reply #17 on: October 13, 2013, 06:08:25 PM »
ReplyReply

It's probably another aspect of Adobe intiating the alert to you.

I received an email 2 days ago, so after a lot of others received one.  So it's probably not another event, just the same one.  Maybe you have more than one registration with Adobe?  Could be any number of reasons.  I would, however, suggest you change your password again just to be sure!
Logged

StuartOnline
Sr. Member
****
Offline Offline

Posts: 294


WWW
« Reply #18 on: October 21, 2013, 08:56:44 PM »
ReplyReply

I had received a number of emails from Adobe over the past couple weeks about this security issues. Today via mail 10/21/13 I received a letter about this problem along with information how to receive FREE CREDIT MONITORING for the next year.   Just wondering if anyone else received one of these letters?
Logged
Les Sparks
Full Member
***
Offline Offline

Posts: 207


WWW
« Reply #19 on: October 21, 2013, 09:01:18 PM »
ReplyReply

Got my free one year of credit monitoring e-mail from Adobe.
Les
Logged

Pages: [1]   Top of Page
Print
Jump to:  

Ad
Ad
Ad