Hackers access Adobe’s source code, plus 2.9 million customer accounts
Software giant Adobe announced a major security breach Thursday, in which hackers accessed its software source code plus millions of customers' credit card and login information. Who’s behind the attack and how does it affect Adobe customers?
(Page 2 of 2)
This could mean more widespread attacks on Adobe products, which cover everything from opening PDFs through Adobe Reader to designing web apps through Adobe ColdFusion. So what is the hackers' motivation? Krebs says it could range from gaining deeper access for more targeted attacks, as hackers better understand the framework of Adobe security, or even to sell source-code secrets. An Adobe source code vulnerability could go for “tens of thousands” of dollars, he estimates. And this is only the tip of the iceberg.Skip to next paragraph
Subscribe Today to the Monitor
"It wasn’t just some opportunistic [hacker]," he says about the attacks. "They’ve been very methodical about the targets."
He points out that the hackers behind the attack were also behind recent data breaches at LexisNexis (which holds a huge database of legal and public records), Dun & Bradstreet (a data aggregator), and Kroll Background America Inc. (which gathers information on employment, drug, and health screening). Their motivation, he explains in a previous blog post, for those attacks was likely to gain information on knowledge-based authentication, which could then be used to apply for credit or transfer money. So if a banker asks a hacker for a social security number or employment history, they would be able to answer using information gleaned from these companies’ servers.
This news comes to light amid a growing number on cyber attacks on companies from Apple to US-run natural gas pipeline operators, to the New York Times, and motivations can be anything from political statements to identity theft. Krebs says he isn’t sure whether the rise in attacks is due to an increase in attacks or increase in coverage of attacks, but he says it is something that every business needs to look out for.
“Any organization that says they aren’t getting attacked likely [isn't] looking hard enough,” he says.
Though Adobe has its security work cut out for them, what could the average Adobe customer do to protect against a future hack? Krebs says switching up software, like using Foxit or Sumatra to read PDF files is a good idea. Another Adobe blog post suggests updating all security measures on Adobe software.
Ultimately, Krebs says it comes down to whether companies are developing their cyber security as fast as hackers are finding cyber vulnerabilities.
“I only expect these acts to grow,” he says. “The question is: can companies up their game?"