Ad
Ad
Ad
Pages: [1] 2 »   Bottom of Page
Print
Author Topic: Adobe, Important Customer Security Alert !  (Read 6353 times)
thierrylegros396
Sr. Member
****
Offline Offline

Posts: 602


« on: October 04, 2013, 02:46:48 AM »
ReplyReply

No more confidence in Cloud(s) and Adobe for me !

Read below especially if you are concerned.


Important Customer Security Alert
To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
« Last Edit: October 04, 2013, 01:06:00 PM by thierrylegros396 » Logged
stamper
Sr. Member
****
Online Online

Posts: 2397


« Reply #1 on: October 04, 2013, 02:51:05 AM »
ReplyReply

I received the same message but is it for real? More information needed before changing anything? Roll Eyes
Logged

stamper
Sr. Member
****
Online Online

Posts: 2397


« Reply #2 on: October 04, 2013, 03:32:47 AM »
ReplyReply

It seems that this is indeed real. I have reset my password but what does this mean regarding credit cards that has been stored. Should the credit card company be contacted or does Adobe do that?
Logged

chez
Sr. Member
****
Offline Offline

Posts: 303


« Reply #3 on: October 04, 2013, 05:57:52 AM »
ReplyReply

It seems that this is indeed real. I have reset my password but what does this mean regarding credit cards that has been stored. Should the credit card company be contacted or does Adobe do that?

A few months back I had my MasterCard card canceled by the credit card company and a new one issued because it was potentially compromised. They did not tell me details. I would think your credit card company would be responsible dealing with notifications to people who's credit could be in jeopardy.
Logged
cgoss
Newbie
*
Offline Offline

Posts: 21


WWW
« Reply #4 on: October 04, 2013, 06:48:47 AM »
ReplyReply

I received a copy of the same email which clearly states

Quote
To prevent unauthorized access to your account, we have reset your password.

Yet, when I accessed my account I found it fully functional using the old password.  Beware.
Logged
Ken Richmond
Jr. Member
**
Offline Offline

Posts: 70


WWW
« Reply #5 on: October 04, 2013, 07:24:18 AM »
ReplyReply

Does Snowden still have his computer?

Ken Richmond
Logged

DavidJ
Jr. Member
**
Offline Offline

Posts: 54


WWW
« Reply #6 on: October 04, 2013, 07:57:51 AM »
ReplyReply

I reset my password online and spoke to Adobe UK on the phone who confirmed that my details had been hacked. I therefore decided to freeze my credit card and get a new one sent.

David
Logged

David Allen
BobShomler
Newbie
*
Offline Offline

Posts: 7


« Reply #7 on: October 04, 2013, 08:58:37 AM »
ReplyReply

Looks real;also read it in this morning's newspaper.  Here's Adobe's page:

  http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Logged
stamper
Sr. Member
****
Online Online

Posts: 2397


« Reply #8 on: October 04, 2013, 09:49:19 AM »
ReplyReply

I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.
Logged

stamper
Sr. Member
****
Online Online

Posts: 2397


« Reply #9 on: October 04, 2013, 10:03:21 AM »
ReplyReply

Contacted Adobe and the reply was.

Rohit_singh: Hello! Welcome to Adobe Customer Service.

Rohit_singh: Thank you for contacting Adobe Systems, my name is Rohit, how can I help you today

: Have my credit card details been comprimised by the hacking?

Rohit_singh: Just a moment

Rohit_singh: At this time, we believe that the strength of the encryption algorithm and key are sufficient to prevent decryption of the encrypted card data without the key.

 Thank you


That seems to be the "official line"
Logged

Slobodan Blagojevic
Sr. Member
****
Offline Offline

Posts: 5018



WWW
« Reply #10 on: October 04, 2013, 10:15:50 AM »
ReplyReply

Has anyone noticed this part of the Adobe official statement:

Quote
encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

Apparently, what was stolen were encrypted numbers. Maybe hackers will be able to decrypt them, maybe not. Decrypting a single number probably is not such a huge task, but 2.9 millions? Also, it shall be noted that Adobe "believes" (ie, not sure) their decrypted numbers were not compromised.
Logged

Slobodan

Flickr
500px
Slobodan Blagojevic
Sr. Member
****
Offline Offline

Posts: 5018



WWW
« Reply #11 on: October 04, 2013, 10:35:39 AM »
ReplyReply

I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.

Stamper,

Mastercard advice against resetting the password is based on the usual phishing scam, where a hacker poses as a legitimate site (ie, Adobe) and asks you to go to a legitimately-looking (but actually fake) site and reset your password, asking for your old password along the way.

This event is a real one, and thus resetting your password would be a reasonable move.

As for Adobe contacting your CC company... probably not going to happen. Such level of inter-company co-ordination is probably a distant dream. In many companies, one internal department is often not fully aware what other departments are doing. Just ask federal agencies in the pre-9/11 era (heck, ask them even today).

I do not believe that there are protocols in place to transfer 2.9 million numbers to major credit card companies. That would also require decryption prior to sending (thus increasing the risk).
« Last Edit: October 04, 2013, 10:46:59 AM by Slobodan Blagojevic » Logged

Slobodan

Flickr
500px
sniper
Sr. Member
****
Offline Offline

Posts: 571


« Reply #12 on: October 04, 2013, 10:39:47 AM »
ReplyReply

On the tv news here todays it was said that Adobe are not sure what dats has been hacked yet and are still checking (or words to that effect)  we won't know for sure untill all the infos in.
I'd suggest checking with your card company, I doubt adobe will contact them all.
Logged
Tim Lookingbill
Sr. Member
****
Offline Offline

Posts: 1055



WWW
« Reply #13 on: October 04, 2013, 11:19:54 AM »
ReplyReply

I'ld like to give some perspective in order to alleviate the fear being generated in this thread understandably over concerns of ID theft from Adobe's servers being hacked coming from someone who just recently became an ID theft victim in 2012 by way of fraudulent charges placed on my credit card and fake IRS tax returns filed to gain a huge refund using my SSN, home address & DOB.

Here's the skinny...

The money stolen in your name by way of fraudulent accounts and existing accounts you will never be responsible for and will be paid by the financial institution's insurance company. Also the folks who actually use the ID info to commit the actual fraud rarely are caught and prosecuted, so I guess you can see who is the real loser here...the insurance companies.

The only thing the ID theft victim will be burdened with is filling out letters and affidavits to law enforcement on all levels from city, county, state and federal (the FTC) as well as put credit freezes to not only report the crime but also prove it wasn't you that raked up all these charges IOW it's going to be a time consuming experience similar to grant writing or filling out applications for loans with the (SBA) Small Business Administration.

How can I be this blunt about this? I started asking ID theft questions (which I never did before in my entire 54 years) to close to ten random people in my community and financial institution CSR's who all told me of their ID theft experience which varied by dollar amount lost and methods used to commit fraud in their name. They all said they didn't lose money and the perps were never caught or prosecuted.

This is the perfect crime and it scares the hell out of me, but I don't know why.
« Last Edit: October 04, 2013, 11:22:26 AM by Tim Lookingbill » Logged
Isaac
Sr. Member
****
Offline Offline

Posts: 2347


« Reply #14 on: October 04, 2013, 11:22:58 AM »
ReplyReply

I'd suggest checking with your card company, I doubt adobe will contact them all.

"We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts."

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Logged
Ken Richmond
Jr. Member
**
Offline Offline

Posts: 70


WWW
« Reply #15 on: October 04, 2013, 12:11:48 PM »
ReplyReply

So why isn't my president on this?  Can't his NSA find and drone these clowns?

Ken Richmond
Logged

Steve Weldon
Sr. Member
****
Offline Offline

Posts: 1441



WWW
« Reply #16 on: October 04, 2013, 12:58:21 PM »
ReplyReply

Contacted Adobe and the reply was.

Rohit_singh: Hello! Welcome to Adobe Customer Service.

Rohit_singh: Thank you for contacting Adobe Systems, my name is Rohit, how can I help you today

: Have my credit card details been comprimised by the hacking?

Rohit_singh: Just a moment

Rohit_singh: At this time, we believe that the strength of the encryption algorithm and key are sufficient to prevent decryption of the encrypted card data without the key.

 Thank you


I dunno.. with the 12 core Ivy Bridge chips just released..  Grin

That seems to be the "official line"
Logged

----------------------------------------------
http://www.BangkokImages.com
PierreVandevenne
Sr. Member
****
Offline Offline

Posts: 508


WWW
« Reply #17 on: October 04, 2013, 07:00:35 PM »
ReplyReply

One never knows with Adobe (after all they once sold a 5000$ e-book protection server any reasonably astute 12 yo could have cracked with a pen a a sheet of paper - basically they used XOR) but if they used decent password protection practices (salted, strong algo - some info here https://crackstation.net/hashing-security.htm) danger isn't that high. If they did not, a lot of them will fall.

Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt.

PS: my last Adobe purchase was on the 29th of September and I haven't received a notification from them.
Logged
TylerB
Sr. Member
****
Offline Offline

Posts: 334


WWW
« Reply #18 on: October 04, 2013, 08:53:14 PM »
ReplyReply

I don't know if it's related, but I've been having login issues, and password reset issues with them all day long. A very long frustrating support chat did not resolve it though they would not stay on long enough to find that out with me. So I will have to start over tomorrow. As of now, I can not access my account. Perhaps they have their hands full, and I will try in a few days.. or perhaps I'm being generous..
Logged
Slobodan Blagojevic
Sr. Member
****
Offline Offline

Posts: 5018



WWW
« Reply #19 on: October 04, 2013, 10:48:22 PM »
ReplyReply

... Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt...

My question was from the position of uneducated guess. Thanks for clarification.
Logged

Slobodan

Flickr
500px
Pages: [1] 2 »   Top of Page
Print
Jump to:  

Ad
Ad
Ad