“A security breach targeting the source code used by software giant Adobe has compromised the information of nearly three million customers, the company confirmed this week.
Brad Arkin, Adobe’s chief security officer, announced in a blog post Thursday that a sophisticated cyber attack on the company’s network caused the source code for numerous programs to be illegally accessed by hackers, as well as the personal information of millions of Adobe users.
Founded in 1982, the Silicon Valley company is known for an array of products, including the Photoshop editing software and the PDF, SWF and FLV file formats.
According to Arkin, Adobe believes the attackers pilfered customer names, encrypted credit and debit card numbers, expiration dates, and other information related to customer orders pertaining to roughly 2.9 million Adobe clients.
Arkin said the company does not believe the attackers accessed decrypted information, but stopped short of confirming that plain-text data wasn’t compromised.
“We’re working diligently internally, as well as with external partners and law enforcement, to address the incident,” he said.
He also stated that the theft of customer data and the source code for numerous Adobe products was likely related.
Brian Krebs, a well-respected security researcher and former Washington Post reporter, acknowledged that he stumbled upon a 40 GB trove of Adobe source code around one week ago on the same server thought to be used by the hackers behind other recent major compromises. Krebs said that the source code pertained to Adobe’s ColdFusion and Acrobat software, which would suggest that hackers have obtained the blueprints for some of the company’s most widely used products.
Hold Security, a firm that worked in conjunction with Krebs, said that “This breach poses a serious concern to countless businesses and individuals.”
If hackers have been able to access Adobe source code, they could theoretically be able to analyze that information and engineer malware that exploits vulnerabilities and compromises the security of several million users, experts fear.
“Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits,” Hold Security said in a statement….”