Hackers access Adobe’s source code, plus 2.9 million customer accounts
Software giant Adobe announced a major security breach Thursday, in which hackers accessed its software source code plus millions of customers' credit card and login information. Who’s behind the attack and how does it affect Adobe customers?
Adobe is a software company you likely use on a daily basis without even realizing it, running applications like the ubiquitous Flash plugin and Adobe Acrobat (which reads PDFs), to ColdFusion (a web application development tool) and Photoshop. Now this software company is in the spotlight as the latest victim of a major security breach.Skip to next paragraph
Subscribe Today to the Monitor
Adobe announced Thursday that a hacking group had gained access to 2.9 million Adobe customer accounts, including login and credit card information, as well as the source code to several flagship Adobe products. The company announced in a blog post customers whose accounts were compromised will be prompted to change their password, and it has reached out to credit card companies to alert them of the potential breach.
Adobe was alerted to the attack by cybersecurity journalist Brian Krebs, working with researcher Alex Holden, CISO of Holden Security LLC, who discovered 40 GB of stolen data that included the source codes for several Adobe products, such as Acrobat and ColdFusion, according to a blog post on Krebs’ website. Krebs and Holden alerted Adobe of the hack, and the company confirmed the hackers likely gained access to the source code repository after breaking into Adobe’s credit card transaction network.
Krebs, a former Washington Post security reporter turned independent cybersecurity journalist, says Adobe encrypts credit card information; so a password change will likely be the extent of the effect on 2.9 million people whose customer accounts were accessed. The larger issue is that the hackers were able to access Adobe’s closed source code, which could mean more attacks are on their way.
“If you give somebody the blueprints to the Death Star, it is a lot easier to infiltrate,” he says.
The Death Star in this case is the Adobe software ecosystem, which runs closed-source code that isn’t available to the public. One reason companies use closed-source code is for security: if people can’t see the code, they don’t know how to break it. That is unless, as in this case, the code is illegally accessed. Though Adobe is now aware of a few vulnerabilities in its software, the hackers that had access to the source code could be on the prowl for other weak spots.