Attackers are the servers of Adobe, penetrated and encrypted credit card information of 2.9 million Adobe customers stolen, as well as an unknown number of usernames and encrypted passwords. Also, there is source code of the Adobe software captured.
The company has Thursday night announced that attackers have gained access to 2.9 million credit card details. This includes encrypted credit and debitcardnummers, expiration dates and “other information regarding order’, according to Adobe. If that information is decrypted, is that in many cases, enough to make transactions to execute, but according to Adobe, there are no indications that the attackers, the information can decrypt it.
In addition, the attackers gained access to an unknown number of Adobe ID usernames and passwords. The passwords were encrypted. Affected customers will be contacted and if their credit card details are stolen, they can get help in the form of a credit monitoring service, which suspicious transactions should be detected.
In addition, attackers gained access to source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and “other Adobe products”. If attackers have the source code in hands, it is in theory easier to reduce security vulnerabilities to detect and exploit, but according to Adobe, there is no evidence that that actually happened. The company thinks that the theft of the source code and customer data with each other.
The burglary was probably mid-August, writes beveiligingsjournalist Brian Krebs, who themselves research has been done into the incident. On september 17, started Adobe with an internal investigation. Krebs found, say on a server that would be used by criminals 40 gigabytes of Adobe source code. The criminals that that server used, would rather at LexisNexis have been burgled.
The folders containing the stolen source code was. Image: KrebsOnSecurity.