Previous news story    Next news story

Adobe accounts hacked, data exposed for 2.9 million customers

By dpreview staff on Oct 3, 2013 at 22:51 GMT

Cyber attackers breached Adobe's security recently, compromising data on 2.9 million customers. Data accessed includes 'customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,' according to a company blog post.

The attack exposes a weakness in the company's new Creative Cloud subscription model, which omits the 'bits-in-a-box' distribution method in favor of faster access to software updates through a monthly subscription. Adobe says it's working with law enforcement to address the security breach. See the press release below for more.


Press Release:

Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM IN EXECUTIVE PERSPECTIVES

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

  • As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
  • We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • We have contacted federal law enforcement and are assisting in their investigation.

We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

Brad Arkin

Chief Security Officer

Comments

Total comments: 138
12
Photowyzard
By Photowyzard (5 months ago)

Another good reason to avoid Adobe's Cloud system. I have dealt with Abobe on a professional level for for decades….can't stand them.

0 upvotes
SergeyMS
By SergeyMS (6 months ago)

You should never trust any company, which asks your personal data and promise "reliable security" of them. Nobody audits that these claims are true. When you invest money in shares, you examine audit reports before. When you give your personal data to some company, you just trust to their words, that all will be ok. Where is logic here?

1 upvote
HawaiiVolcanoes
By HawaiiVolcanoes (6 months ago)

Dear Adobe...we don't like you anymore

0 upvotes
Brian Davies
By Brian Davies (6 months ago)

Typical Americans: Free subscription to credit monitoring agency only available to US customers. Now we know how valued non-US customers actually are!

Comment edited 27 seconds after posting
0 upvotes
ManuelVilardeMacedo
By ManuelVilardeMacedo (6 months ago)

This was written in the stars.

0 upvotes
Franklin J Ellias
By Franklin J Ellias (6 months ago)

I don't have, won't add the Adobe Cloud. However, I do have a few Adobe programs on my computer and I had to reset my password on Saturday. So much for only cloud users!

3 upvotes
sh10453
By sh10453 (6 months ago)

I could never trust Adobe, and I don't use their products, mainly due to the outrageous prices.
There are comparable products out there at a small fraction of Adobe prices.

This security issue is nothing new, Adobe has been putting OUR security and privacy at risk for many years with their browser-based Flash Player.

3 upvotes
DanlB
By DanlB (6 months ago)

And they expect us to subscribe to their price gouging CLOUD.

2 upvotes
FreedomLover
By FreedomLover (6 months ago)

From Adobe:
"If your Adobe ID and password were involved: Adobe has already reset your password."

They are liars and have been exposed here again:
By BJN (2 days ago)
Bob.brown in comments at Ars Technica: "Adobe has not reset customer passwords."
I can confirm this is true. If you have an Adobe account you have to log into your account (Adobe Forums will do it) to get a reset request.

Adobe was hacked back in August, by the way.
By fireplace33 (2 days ago)
changing your Adobe password sounds like a wise step, but if the thieves already have all your credit card details, then maybe that card should be changed as well?

1 upvote
mermaidkiller
By mermaidkiller (6 months ago)

Indeed that is one of the reasons why I don't want to store private material in the cloud. External harddisks are very cheap and always accessible independent from an internet connection. And more secure as well.

2 upvotes
dark goob
By dark goob (6 months ago)

DPReview has stated false information in the lead-in to this article.

They said CC allows "faster" access to updates. Wrong. CC does not allow faster access to software updates. Adobe *says* it does, but it doesn't. There is nothing about Creative Cloud that speeds up the ability of Adobe to update consumers' software.

2 upvotes
cgarrard
By cgarrard (6 months ago)

Bummer.

1 upvote
aris14
By aris14 (6 months ago)

Greed, greed, greed....

4 upvotes
noel2
By noel2 (6 months ago)

Greed - yes!!! As CS and subsequent upgrades via activation became available outside the USA, notably in Europe, these were only available at about twice the price of the same product in the States. And impossible to purchase otherwise. Greed ? Yes certainly !

2 upvotes
rialcnis
By rialcnis (6 months ago)

I've had the cloud since it started. I'd prefer it that Adobe dropped the cloud and slashed their program prices. I only use 4 of the programs and have used them prior to the cloud for years.

This is a major disaster for Adobe and a major wrning to all the major sftware companies.

I remember when Bill Gates was against the cloud idea years ago. He argued againstnthe Sun Computer slogan, "The computer is the cloud" or some such...

I am sick of having all these damn clouds havingto connect. In a perfect word without thieves, terrorists and with unlimited bandwidth, I wouldn't care.

It's always been obvious to me that the whole cloud/internet will become just dead letter boxes full of spam. People tend to be short-sighted and naive to threats in this crazy world.

I did get the email from Adobe. I hope what they are saying is true.

Comment edited 1 minute after posting
3 upvotes
Class Four
By Class Four (6 months ago)

Adobe,
I don't want your stupid cloud. I'm never going to want it. I didn't want it before your cloud was hacked. If I can't own the next version of Photoshop then I've bought my last version. You have zero interest in filling the needs of your customers. You don't care about the wants and needs of your customers. You are only interested in trying to maximize profits by charging monthly fees and everyone knows it.

12 upvotes
Maxfield_photo
By Maxfield_photo (6 months ago)

Tell me again why I'd want to rent my software instead of owning it?

9 upvotes
Lea5
By Lea5 (6 months ago)

I never use my credit card for online payment and I don't do online banking for a good reason. I receive an invoice for all the stuff I buy online. I collect all bills to the end of the month and walk to my bank, a nice bank assistant get the paper stuff and transfer the money to the companies. The old way, but very safe way.

2 upvotes
abolit66
By abolit66 (6 months ago)

I hope adobe learned the lesson that CC is not a good idea.
If I had CC membership I would've canceled it immediately.

Comment edited 14 seconds after posting
12 upvotes
DonnaRead54
By DonnaRead54 (6 months ago)

Well, I'm sure glad I was too poor to subscribe for even the lowest tier! Of course, if they got my credit card number, they'd have to make a payment before they could use it ;) I'm more inclined to subscribe NOW than before, however. Once hacked, twice as much security. Or at least that's the way it should work.

1 upvote
JimmyTheHand
By JimmyTheHand (6 months ago)

I suspect management will be thinking - Lightning never strikes twice in the same place

1 upvote
frank200
By frank200 (6 months ago)

http://rt.com/usa/adobe-hacked-krebs-hold-742/

2 upvotes
foivosloxias
By foivosloxias (6 months ago)

Maybe if we paid more?

0 upvotes
Marcin 3M
By Marcin 3M (6 months ago)

Personal data stolen-bad to customers,
Credit cards numbers stolen - also bad to customers.
But stolen source codes? Bad to adobe and their shareholders, but some competitors can benefit from some of its details. We can see some products that are using stolen technology, or we will see new law regulations about software patents, to kill free software (yes, I think this news is fake, and may be the element of fight about free competition).
But if there really was some hacks - the question is, how many information about new products (ad campaigns) were also stolen?

0 upvotes
michi098
By michi098 (6 months ago)

Yes, this can happen, but man, it sure happened at a bad time for Adobe. Makes you think twice abut subscribing with them. Not that I would anyway...

3 upvotes
toomanycanons
By toomanycanons (6 months ago)

Surprise surprise.

2 upvotes
ThomasSwitzerland
By ThomasSwitzerland (6 months ago)

If you rent SW you lose control forever. Take online access for surfing only, reading news, simple mail; and keep your files hooked off. Convert your pictures with excellent camera vendor’s SW into TIFFs. Afterwards there are many “out of the box” choices.

The internet as we know it today will be dead in a couple of years. Adobe per now does not belong to this new road - just confirming old fashioned greed and corporate incompetence. Gets kicked out.

4 upvotes
Eric Hensel
By Eric Hensel (6 months ago)

How do you see the internet, as we know it, 'dying' in a few years...

Comment edited 1 minute after posting
1 upvote
ThomasSwitzerland
By ThomasSwitzerland (6 months ago)

The internet seen as a „free platform“ for all like today will mutate. There will be paid exclusive platforms, unbreakable secure platforms, and a regional separated mix within global power centers like in Asia, Russia, Europe, South America with stringent controlled gateways to the outside. The security issues will be resolved. Admitted users will have more choices and privacy. I am not a futurist, just my technical opinion according to market needs.

0 upvotes
dodgebaena
By dodgebaena (6 months ago)

I agree with ThomasSwitzerland. Somebody very soon will figure out a way to monetize the use of the internet.

0 upvotes
sebastian huvenaars
By sebastian huvenaars (6 months ago)

Trying to think of secure objects, a "cloud" wouldn't exactly pop to mind :)

5 upvotes
Fogsville
By Fogsville (6 months ago)

This isn't about cloud services. The service is not on the same servers as the source code or consumers personal information. Running programs from a cloud doesn't imply that a user's full personal information (aside from log-in and password) and credit card info can be accessed.

The stealing of source code is more worrisome than consumers personal info (which can be monitored and corrected by the consumer.) "While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes and software vulnerabilities can be used to bypass protections for individual and corporate data," said Hold Security's Holden. "Effectively, this breach may have opened a gateway for new generation of viruses, malware and exploits."

3 upvotes
Shamael
By Shamael (6 months ago)

certainly not, but, a cloud system is one more portal to access a company's server system. If you keep cloud in another separate network system, all is ok, but once you combine corporate system and cloud, you open doors, and hackers know where to find those doors. Make a product, put it in a box and sell it on store shelves or online. Adobe's greed policy turns against them. PS CC has been hacked and is available with cracks, just like any other version, thus, the "free" use is not the reason for cloud operations. Security system at Adobe where not as performant as their software, unfortunately for them.

Comment edited 2 times, last edit 2 minutes after posting
1 upvote
Fogsville
By Fogsville (6 months ago)

"Cyber attacks are one of the unfortunate realities of doing business today. " -Brad Arkin, Chief Security Officer, Adobe.

Well, that is really more dependent on how much money and resources a company decides to put into their security efforts. To say it's 'just part of life' in the very first sentence of a public press release is simply passing the buck. btw, this breach occurred in August or probably earlier. It wasn't even discovered by Arkin, the "Chief Security Officer" but instead by third-party security researchers not even associated with Adobe (Brian Krebs and Alex Holden.) "Chief Security Officer" Arkin was asleep at the wheel.

Anyway, this incident does reflect on how much money and effort Adobe puts into their "security" and on their priorities as a company. And clearly Adobe hasn't had the most stellar track record in respect to its software security.

7 upvotes
Tan68
By Tan68 (6 months ago)

'asleep at the wheel'
It's called Tooncing.

1 upvote
m3
By m3 (6 months ago)

"And clearly Adobe hasn't had the most stellar track record in respect to its software security."
I'll re-phrase that:
And clearly Adobe hasn't had the most stellar track record in its respect to its customers.
So bollocks to 'em.

0 upvotes
W5JCK
By W5JCK (6 months ago)

I do NOT subscribe to their CC, nor ever have nor ever will. But I have purchased directly from Adobe. I do not remember if I set up any payment type info with them though, and after changing my password and logging in I was not able to locate any saved payment info. I'm hoping they did not save anything since it would not be necessary for non-CC purchasing. With CC purchasing I assume Adobe would require saving of payment info so they can collect their monthly extortion money.

2 upvotes
naththo
By naththo (6 months ago)

Sounds about right. If you purchase item fully this is once off payment. So they do not keep it for recurring. If it was subscription then yes they keep it for recurring every month.

1 upvote
Fogsville
By Fogsville (6 months ago)

I don't believe it's limited to cloud subscribers only. I'm not a subscriber but have purchased from Adobe in the past. Here is what their email to me said specifically: "If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter."

If you ever bought directly from Adobe (including any paid updates) and/or registered products with Adobe and/or have an Adobe log-in and password, then that personal info was breached.

1 upvote
W5JCK
By W5JCK (6 months ago)

I have bought several products and updates directly from Adobe, but they have not sent me an email yet like the one Fogsville got.

0 upvotes
Fogsville
By Fogsville (6 months ago)

Then Adobe feels that you're not one of the 2.9 million customers who were affected (although I'd change your Adobe password and just keep an eye on credit card transactions for a while.) My initial point was that this is not limited to Adobe Creative Cloud service subscribers. I don't think DPReview is completely correct in saying, "The attack exposes a weakness in the company's new Creative Cloud subscription model." What this really exposes is that businesses should not be storing CC and personal info for convenience's sake. It's not specific to their cloud services (and case in point, I'm not a cloud customer.)

From Adobe:
"If your Adobe ID and password were involved: Adobe has already reset your password. You will receive an email notification from Adobe with information on how to change your password. We are only notifying customers whose user ID and password were involved, and that process is already underway."

0 upvotes
Hugo808
By Hugo808 (6 months ago)

You may also like:

Poll: What concerns you most about Adobe's move to subscriptions?

I guess we all have an answer to that now!

2 upvotes
samhain
By samhain (6 months ago)

In case you didn't see Irata's post-
Here's the real story on what happened, and how:

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

3 upvotes
kurtizone
By kurtizone (6 months ago)

There are several security approaches that Adobe and every other cloud service should be using instead of those that expose a password on the wire. Just Google federated SSO or SAML or OpenID Connect. They package up a credit card number as a claim inside a digitally signed and encrypted token. The cloud service decrypts and unpacks the token, processes the credit card transaction and then deletes the credit card number from memory. The cloud provider doesn't need to store credit card info, where Chinese and eastern bloc criminals can get hold of them. How do you know if an online service, if it stores your card number, is encrypting or hashing your data? You don't and the cloud provider apparently doesn't care.
The world is moving to a cloud model for software-as-a-service. Yet SAML and other claims-based technologies aren't being widely adopted in spite of stupidities like those of Adobe.

1 upvote
cordellwillis
By cordellwillis (6 months ago)

No matter what, everything will have some form of flaw. I'm sure there are valid reasons to choose what they did. Unless you can see into the future even what you suggest here is not 100% hacker proof.

1 upvote
Sean Clark
By Sean Clark (6 months ago)

Adobe has been building the security flaws right in by design with the flash and acrobat reader web browser plugins to the point they surpassed Microsoft's IE and Outlook as infection vectors. With that kind of longstanding wreckless disregard for security in products intended for our use on a hostile network, they deserve no benefit of the doubt. It's apparently a corporate culture.

0 upvotes
DuxX
By DuxX (6 months ago)

I hope that this will end any further thinking about renting and using cloud software. Cheers!!

10 upvotes
cordellwillis
By cordellwillis (6 months ago)

Why? It's an option. I like options. I opted not to "rent" the software. Some day I might decide to do so.

1 upvote
danmar
By danmar (6 months ago)

"We will work aggressively to prevent these types of events from occurring in the future."

How can we believe you since you didn't do this time? Or any of the hundreds of other times you left security holes in your software.

6 upvotes
MikeFairbanks
By MikeFairbanks (6 months ago)

My previous post is tongue-in-cheek, but the event is very real.

Adobe said the Creative Cloud is a year-long committment. But since I signed up via live chat with an Adobe rep, I believe I was mislead. I even appealed and was denied through the appeal process.

To require a year-long committment shows me that they don't have enough confidence in their product that you'll want to stay with them.

I'll continue buying stand-alone software in the future. I don't want a subscription-based service, especially one that locks you in for a set amount of time. That's just desperation, in my opinion.

Plus, all I really want is Photoshop Elements. I use Canon's FREE software for my raw files (it's almost as good as Lightroom and just as fast).

9 upvotes
RobertSigmund
By RobertSigmund (6 months ago)

Actually, Canon is better than Lightroom in RAW processing.

4 upvotes
mimot13
By mimot13 (6 months ago)

Yes, DPP is better and faster as LR4/5.. (RAW), at zero cost. Of course LR do more in other aspects.
C1 too is much more better than LR and do the same !

0 upvotes
MikeFairbanks
By MikeFairbanks (6 months ago)

I actually quit my Creative Cloud membership months ago, but Adobe doesn't seem to be handling our breakup very well. She told me I had a year-long committment that was in the terms of service, but I signed up via live chat, and was told differently. I was told that if I quit in the first thirty days I'd get a full refund, and then after that I could quit anytime (but wouldn't get refunded for the first month of usage beyond thirty days).

Again, this was during live chat.

Well, when we broke up, she laid all that on me and I said, "Look, it's not me. It's you." I wasn't happy with the service and, frankly, wasn't using it enough to justify the expense.

So she said I owed her alimony. She said I had to give her fifty percent (half) of the money for the remaining year-long contract. I told her I was signed up by a representative and wasn't told of the year-long committment.

Now she won't leave me alone. I get emails, bills, etc.

Adobe: Leave me alone! It's over.

4 upvotes
naththo
By naththo (6 months ago)

I don't think I really understand what your story really meant about what 30 days are you really talking about. Although I am sorry to hear you had problem with customer service which did not really handle it well. Although from what I am understanding is if you want to try out for 30 days but if you are not satisfy with, you should cancel it inside first 30 days before its too late. If you did cancel within first 30 days and Adobe will have no problem refund it back to you and cancel it indefinitely. But if its beyond thirty days and if this is on one year subscription, it is a sticky one, you cannot change it after 30 days. They would have assume you have commit to keep using it after 30 days so they assume that you want to keep it and pay per month for a year. Remember please read term and condition for agreement before apply the subscription.

0 upvotes
cordellwillis
By cordellwillis (6 months ago)

A bunch of stupid comments here. Do any of you bank online? It can happen anywhere.

3 upvotes
Eleson
By Eleson (6 months ago)

Well ...
I'm sure they are PCI-DSS audited and compliant. And then this should not happen.
So someone f*ed badly. And the credit card companies will not pay up for losses.
It is embarrassing that this can happen and says a lot.

3 upvotes
RobertSigmund
By RobertSigmund (6 months ago)

I don't, for good reason.

3 upvotes
MisterPootieCat
By MisterPootieCat (6 months ago)

Oops!

0 upvotes
Markintosh
By Markintosh (6 months ago)

Another good reason not to upgrade:( One thing it's to purchase software ones in 18 month, another is to store credit card info there forever because you are leasing the software. But nobody can be sure that Adobe is not store credit card info for person who purchased CS6, for example.

3 upvotes
naththo
By naththo (6 months ago)

Okay enough of defamation and flaming at Adobe. Its not worth it. It does not help when you do this. They can sue you for serious defamation as I see some of serious defamation going around. Some of what you said are so untrue. The truth is, its Adobe's fault for not keeping their system secured for your sensitive information like payment processing and customer profile information. It got nothing to do with software seriously. Fffsss I assume you haven't worn glasses to read properly what they said. It is to do with payment department and the customer information department that they did not keep it secured and its their fault. It hasn't said anything to do with software you are running.

Also it is customer responsible to keep their computer secured before using internet and purchase online by having a completed security suite installed as well. It is your responsibility too. Not just Adobe responsibility.

Comment edited 4 minutes after posting
2 upvotes
dpalugyay
By dpalugyay (6 months ago)

Excuse me? Defamation? Adobe irresponsibly lost access to MY personal information. My address, e-mail, password, perhaps the keys to all my versions I have purchased of their software for the past 6 years, and MY CREDIT CARD INFO. You DO NOT get to defend them and their irresponsible IT practices to each of us. Unless you are an Adobe shill.

Comment edited 26 seconds after posting
5 upvotes
naththo
By naththo (6 months ago)

1. Adobe did not talk about software breach recently.
2. Adobe only did talk about hacker hacked into to steal customer information and payment information. Thats it.
3. People here are BEING so aggressive and assault against them is a defamation against them.
4. THIS TOPIC IS ONLY TALK ABOUT CUSTOMER INFO AND PAYMENT INFO, that is very clearly read outloud. So stay on topic. Adobe expect you to do the same too. Going way off topic with utterly rubbish rumour are just ridiculous. Attacking them about other than that like software and off topic against them are clearly a defamation against them. But of course we are rights to be angry but we have to be VERY careful what we are really doing in here. I am here to show that I am disappointed that their customer and payment department are not handling well and not keeping it secured. It got nothing to do with software.

And oh don't accuse me of working for Adobe. I do not work for Adobe. Full stop!

Comment edited 1 minute after posting
0 upvotes
InTheMist
By InTheMist (6 months ago)

@naththo That is the weakest defense I've ever heard. Their behavior and ineptitude is indefensible.

4 upvotes
Biowizard
By Biowizard (6 months ago)

Bye bye Adobe Reader XI - never liked you anyway.

Just hope my Photoshop CS6 has not been compromised by source code hacks.

Brian

5 upvotes
skinnymakespretty
By skinnymakespretty (6 months ago)

they should have stick to doing software license, now they ef up with the community. good job adobe. well deserved.

2 upvotes
Husaberg Grok
By Husaberg Grok (6 months ago)

This is one reason why many organizations keep their workstations off the web.

3 upvotes
SRT3lkt
By SRT3lkt (6 months ago)

Creative Fraud

3 upvotes
Dennis
By Dennis (6 months ago)

Now, how about that; Adobe goes Open Source - unintentionally though!

Anyway; no more Acrobat Reader on my machines - seems to be one of the best documented platforms for security breaches...

4 upvotes
naththo
By naththo (6 months ago)

I was forced to change password today and had to go to bank but the bank had advised me there is no unusual transaction and is now good time to keep eyes on online banking for any unusual transaction if any then its time to change bank cards number and new pin issue to it. But got email from Adobe and I was informed that they (The hacker) had failed to decrypt my bank card anyway. So it may sounds like my bank card is safe. But Adobe once again said it is not 100% certain about that. So best keep eyes on any unusual bank activity. If any, go straight to bank and change it straight away. I am deaf and I cannot make phone call so only one way is go to bank during business week/hour. Such a shame to see this happen like that!

0 upvotes
ozgoldman
By ozgoldman (6 months ago)

I received two emails from Adobe but initially thought they were from scammers. In a way I guess they are as the result of scammers anyway.
I am told that credit card security in the US is way behind the rest of the world, and that the US do not have chip embedded cards yet, only the magnetic strip on the cards, which is dinosaur technology these days, and that encourages scammers to target US companies as they are seen as soft targets as security is so lax. Not sure if that is completely correct, but the crooks are getting pretty clever these days. Looks like I will be changing my credit car on Monday too. Do I send the bill to Adobe?

0 upvotes
Tan68
By Tan68 (6 months ago)

The chip cards require a PIN.

I only recently learned that a PIN can be set up for an American credit card.

In many cases, this doesn't change a thing because the credit card, like a debit card, can be used without the PIN. Same as it ever was.

The benefit to setting a PIN for the credit card is that the CC can then be used with in the PIN-enabled credit card world. This means you can use your credit card (with PIN) to buy a train ticket at a kiosk in Zurich. With no PIN, the CC is not accepted and you have to go to the ticket window, use the CC, and sign a receipt.

A debit card can be used at the kiosk because they have PIN.

Anyway and for what it is worth.
Yeah, I think the PIN system is better..

0 upvotes
Shamael
By Shamael (6 months ago)

the pin is a confirmation of authenticity, but serves to nothing in urban purchase. The pin code you enter in a card is what does it, and you can change it at any time. If someone uses a card with the good old rick rack machine, you need a signature on the voucher, and the Credit Card company has asked to anyone using a system like that to ask the card holder for an ID card. The real problem remains in online purchase by direct credit card transaction, if they have your data, and pin number, they can buy all they want, and, there is no control on the identity of the one who makes the operation. You can do that in any Internet café or wireless point at any time. So, better change the cards.

0 upvotes
Irata
By Irata (6 months ago)

If you want the real story about the attack rather than the watered down excuse that comes out of Adobe read the details here:

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

It turns out the "sophisticated" attack was just Adobe's own unpatched software.

8 upvotes
Impulses
By Impulses (6 months ago)

They establish that's a possibility but didn't say for certain... Either way, it can and has happen to any company, it's just kind of ironic that this would happen to Adobe because of their own software and while in the midst of the CC backslash.

The bigger revelation in that article is that the attack actually happened 2-6 WEEKS ago (there's two contradictory statements, at least the way I read it), and that Adobe was semi-clueless about the severity until the article's writer contacted them... At best it seems like they were aware but were trying to keep it hush. That's absolutely the worst possible way of handing a debacle like this.

It can happen to anyone, and at the end of the day it has little to do with cloud computing itself (the cloud might put you slightly more at risk but proper security layers like 2-step authentication can largely mitigate that), not being honest with costumers is by far a bigger issue IMO. I'd be far more trusting of a company that reacts faster, issues notifications in a matter of days etc (and plenty have done so under similar circumstances).

Honestly, the fact that this happened doesn't surprise me and wouldn't dissuade me from using CC, the fact that Adobe's handling it so poorly is far more newsworthy and DPReview should consider updating the post or following up with additional details.

Not forcing a password reset on next login is another huge gaffe on their part that only helps to empower the criminals that are already profiting from this. If Adobe doesn't compensate their costumers appropriately for their troubles (beyond the one year credit monitoring) I'd say they get an F for thhandling of the situation, which to me counts for more than the actual breach.

2 upvotes
afterburn
By afterburn (6 months ago)

Oh ffs people, you don't like CC. We get it. We've heard it a million times. Move on. Use other software. But quit whining. It is getting old.

This has nothing to do with CC. How many of you have PayPal? Or Google Wallet? Or have an Amazon account? Or have shopped at online stores using your credit card? You think your data is safe there? This could happen to any company. Any person buying stuff through the internet from whatever source, no matter how reputable, runs the risk of their personal and creditcard details being stolen and abused. The only thing you can do about it is to buy at the most reputable stores you can find, don't let stores store your information regardless of the convenience and to check every line item on your creditcard statement every month. Or only use your creditcard in B&M locations, and pray the clerk isn't creating a copy of your card as he swipes it through the machine.

1 upvote
cfh25
By cfh25 (6 months ago)

"...don't let stores store your information regardless of the convenience..." So you're saying, don't use subscription services who require ongoing monthly access?

16 upvotes
justinwonnacott
By justinwonnacott (6 months ago)

This has everything to do with creative cloud. I would not be having a monthly bill paid by credit card to Adobe if they let me purchase the software outright with no strings attached.

9 upvotes
cordellwillis
By cordellwillis (6 months ago)

justinwonnacott, I thought the software was still available to purchase outright. I know of people who have CS6. I'd like to know what you can't purchase without the subscription....I don't subscribe and was never interested so I don't know.

0 upvotes
afterburn
By afterburn (6 months ago)

@cfh25: no, that is not what I am saying. What I am saying is, that if you don't want to risk abuse, you should not do _any_ payments online with your creditcard.

This is no different than i.e. Apple or Google, who both require you to provide them with your creditcard details if you want to be able to purchase anything for their respective phones/stores. Think they cannot be hacked? What about PayPal/Ebay? Or Amazon?

But you knew that, and you were just trying to be smart and turn it around back to CC again.

@justinwonnacott: So Adobe is forcing you to use their software, no? They put a gun to your head and threatened to pull the trigger if you didn't sign up for CC and gave them your creditcard information, no?

@All: Again, this has nothing to do with CC. Every time you do a purchase online you take the risk that company or their payment provider gets hacked and your details abused. If you don't find that acceptable, use cash in B&M. Of course, you risk being mugged on the street.

0 upvotes
Eleson
By Eleson (6 months ago)

Yes it is related to CC. The handling of credit card numbers is regulated in Web shops. And is even more regulated if you're store wants to store the credit card number after the transaction.
And Adobe does seem like a company that handled that to well when they pushed CC.

1 upvote
JasperD
By JasperD (6 months ago)

I have CS6, PSE11 and LR4. Fair enough, I got the mailing with the warning too. A lot of negative vibrations out of that company lately. Very unsettling.

8 upvotes
Danny
By Danny (6 months ago)

Karma.

4 upvotes
M Jesper
By M Jesper (6 months ago)

As if their reputation could sink any further, it's their loyal members who get punished for trusting them, again. Not very good Karma is it.

Comment edited 20 seconds after posting
2 upvotes
Total comments: 138
12