QUICK LINKS:VideosSample ImagesCamera TimelineLink Directory
connect.dpreview.com geasrshop.dpreview.com
NewsReviewsBuying GuideSample ImagesArticlesCamerasLensesPhonesPrintersSoftwareForumsGalleriesChallenges
NewsOctober 2013
 Previous news story    Next news story

Adobe accounts hacked, data exposed for 2.9 million customers

Oct 3, 2013 at 22:51:00 GMT
Print view Email

Cyber attackers breached Adobe's security recently, compromising data on 2.9 million customers. Data accessed includes 'customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,' according to a company blog post.

The attack exposes a weakness in the company's new Creative Cloud subscription model, which omits the 'bits-in-a-box' distribution method in favor of faster access to software updates through a monthly subscription. Adobe says it's working with law enforcement to address the security breach. See the press release below for more.

Press Release:

Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM IN EXECUTIVE PERSPECTIVES

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

  • As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
  • We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • We have contacted federal law enforcement and are assisting in their investigation.

We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

Brad Arkin

Chief Security Officer

SOFTWARE NEWS ADOBE CREATIVE-CLOUD
You may also like
Adobe introduces cheaper Creative Cloud with Photoshop + Lightroom Poll: What concerns you most about Adobe's move to subscriptions? Photoshop CC: Adobe responds to reaction Adobe heralds subscription-only future for Photoshop and Creative Suite
Adobe introduces cheaper Creative Cloud with Photoshop + Lightroom
Sep 4, 2013
Poll: What concerns you most about Adobe's move to subscriptions?
May 8, 2013
Photoshop CC: Adobe responds to reaction
May 8, 2013
Adobe heralds subscription-only future for Photoshop and Creative Suite
May 6, 2013

Comments

Total comments: 122
12
aris14
By aris14 (1 hour ago)

Greed, greed, greed....

0 upvotes
rialcnis
By rialcnis (3 hours ago)

I've had the cloud since it started. I'd prefer it that Adobe dropped the cloud and slashed their program prices. I only use 4 of the programs and have used them prior to the cloud for years.

This is a major disaster for Adobe and a major wrning to all the major sftware companies.

I remember when Bill Gates was against the cloud idea years ago. He argued againstnthe Sun Computer slogan, "The computer is the cloud" or some such...

I am sick of having all these damn clouds havingto connect. In a perfect word without thieves, terrorists and with unlimited bandwidth, I wouldn't care.

It's always been obvious to me that the whole cloud/internet will become just dead letter boxes full of spam. People tend to be short-sighted and naive to threats in this crazy world.

I did get the email from Adobe. I hope what they are saying is true.

Comment edited 1 minute after posting
0 upvotes
Class Four
By Class Four (5 hours ago)

Adobe,
I don't want your stupid cloud. I'm never going to want it. I didn't want it before your cloud was hacked. If I can't own the next version of Photoshop then I've bought my last version. You have zero interest in filling the needs of your customers. You don't care about the wants and needs of your customers. You are only interested in trying to maximize profits by charging monthly fees and everyone knows it.

3 upvotes
Maxfield_photo
By Maxfield_photo (16 hours ago)

Tell me again why I'd want to rent my software instead of owning it?

3 upvotes
Lea5
By Lea5 (23 hours ago)

I never use my credit card for online payment and I don't do online banking for a good reason. I receive an invoice for all the stuff I buy online. I collect all bills to the end of the month and walk to my bank, a nice bank assistant get the paper stuff and transfer the money to the companies. The old way, but very safe way.

1 upvote
abolit66
By abolit66 (1 day ago)

I hope adobe learned the lesson that CC is not a good idea.
If I had CC membership I would've canceled it immediately.

Comment edited 14 seconds after posting
7 upvotes
DonnaRead54
By DonnaRead54 (1 day ago)

Well, I'm sure glad I was too poor to subscribe for even the lowest tier! Of course, if they got my credit card number, they'd have to make a payment before they could use it ;) I'm more inclined to subscribe NOW than before, however. Once hacked, twice as much security. Or at least that's the way it should work.

0 upvotes
JimmyTheHand
By JimmyTheHand (20 hours ago)

I suspect management will be thinking - Lightning never strikes twice in the same place

1 upvote
frank200
By frank200 (1 day ago)

http://rt.com/usa/adobe-hacked-krebs-hold-742/

2 upvotes
foivosloxias
By foivosloxias (1 day ago)

Maybe if we paid more?

0 upvotes
Marcin 3M
By Marcin 3M (1 day ago)

Personal data stolen-bad to customers,
Credit cards numbers stolen - also bad to customers.
But stolen source codes? Bad to adobe and their shareholders, but some competitors can benefit from some of its details. We can see some products that are using stolen technology, or we will see new law regulations about software patents, to kill free software (yes, I think this news is fake, and may be the element of fight about free competition).
But if there really was some hacks - the question is, how many information about new products (ad campaigns) were also stolen?

0 upvotes
michi098
By michi098 (1 day ago)

Yes, this can happen, but man, it sure happened at a bad time for Adobe. Makes you think twice abut subscribing with them. Not that I would anyway...

3 upvotes
toomanycanons
By toomanycanons (1 day ago)

Surprise surprise.

1 upvote
ThomasSwitzerland
By ThomasSwitzerland (1 day ago)

If you rent SW you lose control forever. Take online access for surfing only, reading news, simple mail; and keep your files hooked off. Convert your pictures with excellent camera vendor’s SW into TIFFs. Afterwards there are many “out of the box” choices.

The internet as we know it today will be dead in a couple of years. Adobe per now does not belong to this new road - just confirming old fashioned greed and corporate incompetence. Gets kicked out.

4 upvotes
Eric Hensel
By Eric Hensel (1 day ago)

How do you see the internet, as we know it, 'dying' in a few years...

Comment edited 1 minute after posting
0 upvotes
ThomasSwitzerland
By ThomasSwitzerland (1 day ago)

The internet seen as a „free platform“ for all like today will mutate. There will be paid exclusive platforms, unbreakable secure platforms, and a regional separated mix within global power centers like in Asia, Russia, Europe, South America with stringent controlled gateways to the outside. The security issues will be resolved. Admitted users will have more choices and privacy. I am not a futurist, just my technical opinion according to market needs.

0 upvotes
dodgebaena
By dodgebaena (8 hours ago)

I agree with ThomasSwitzerland. Somebody very soon will figure out a way to monetize the use of the internet.

0 upvotes
sebastian huvenaars
By sebastian huvenaars (1 day ago)

Trying to think of secure objects, a "cloud" wouldn't exactly pop to mind :)

5 upvotes
Fogsville
By Fogsville (1 day ago)

This isn't about cloud services. The service is not on the same servers as the source code or consumers personal information. Running programs from a cloud doesn't imply that a user's full personal information (aside from log-in and password) and credit card info can be accessed.

The stealing of source code is more worrisome than consumers personal info (which can be monitored and corrected by the consumer.) "While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes and software vulnerabilities can be used to bypass protections for individual and corporate data," said Hold Security's Holden. "Effectively, this breach may have opened a gateway for new generation of viruses, malware and exploits."

2 upvotes
Shamael
By Shamael (1 day ago)

certainly not, but, a cloud system is one more portal to access a company's server system. If you keep cloud in another separate network system, all is ok, but once you combine corporate system and cloud, you open doors, and hackers know where to find those doors. Make a product, put it in a box and sell it on store shelves or online. Adobe's greed policy turns against them. PS CC has been hacked and is available with cracks, just like any other version, thus, the "free" use is not the reason for cloud operations. Security system at Adobe where not as performant as their software, unfortunately for them.

Comment edited 2 times, last edit 2 minutes after posting
0 upvotes
Fogsville
By Fogsville (1 day ago)

"Cyber attacks are one of the unfortunate realities of doing business today. " -Brad Arkin, Chief Security Officer, Adobe.

Well, that is really more dependent on how much money and resources a company decides to put into their security efforts. To say it's 'just part of life' in the very first sentence of a public press release is simply passing the buck. btw, this breach occurred in August or probably earlier. It wasn't even discovered by Arkin, the "Chief Security Officer" but instead by third-party security researchers not even associated with Adobe (Brian Krebs and Alex Holden.) "Chief Security Officer" Arkin was asleep at the wheel.

Anyway, this incident does reflect on how much money and effort Adobe puts into their "security" and on their priorities as a company. And clearly Adobe hasn't had the most stellar track record in respect to its software security.

6 upvotes
Tan68
By Tan68 (1 day ago)

'asleep at the wheel'
It's called Tooncing.

1 upvote
m3
By m3 (1 day ago)

"And clearly Adobe hasn't had the most stellar track record in respect to its software security."
I'll re-phrase that:
And clearly Adobe hasn't had the most stellar track record in its respect to its customers.
So bollocks to 'em.

0 upvotes
W5JCK
By W5JCK (1 day ago)

I do NOT subscribe to their CC, nor ever have nor ever will. But I have purchased directly from Adobe. I do not remember if I set up any payment type info with them though, and after changing my password and logging in I was not able to locate any saved payment info. I'm hoping they did not save anything since it would not be necessary for non-CC purchasing. With CC purchasing I assume Adobe would require saving of payment info so they can collect their monthly extortion money.

2 upvotes
naththo
By naththo (1 day ago)

Sounds about right. If you purchase item fully this is once off payment. So they do not keep it for recurring. If it was subscription then yes they keep it for recurring every month.

1 upvote
Fogsville
By Fogsville (1 day ago)

I don't believe it's limited to cloud subscribers only. I'm not a subscriber but have purchased from Adobe in the past. Here is what their email to me said specifically: "If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter."

If you ever bought directly from Adobe (including any paid updates) and/or registered products with Adobe and/or have an Adobe log-in and password, then that personal info was breached.

1 upvote
W5JCK
By W5JCK (16 hours ago)

I have bought several products and updates directly from Adobe, but they have not sent me an email yet like the one Fogsville got.

0 upvotes
Fogsville
By Fogsville (12 hours ago)

Then Adobe feels that you're not one of the 2.9 million customers who were affected (although I'd change your Adobe password and just keep an eye on credit card transactions for a while.) My initial point was that this is not limited to Adobe Creative Cloud service subscribers. I don't think DPReview is completely correct in saying, "The attack exposes a weakness in the company's new Creative Cloud subscription model." What this really exposes is that businesses should not be storing CC and personal info for convenience's sake. It's not specific to their cloud services (and case in point, I'm not a cloud customer.)

From Adobe:
"If your Adobe ID and password were involved: Adobe has already reset your password. You will receive an email notification from Adobe with information on how to change your password. We are only notifying customers whose user ID and password were involved, and that process is already underway."

0 upvotes
Hugo808
By Hugo808 (1 day ago)

You may also like:

Poll: What concerns you most about Adobe's move to subscriptions?

I guess we all have an answer to that now!

2 upvotes
samhain
By samhain (1 day ago)

In case you didn't see Irata's post-
Here's the real story on what happened, and how:

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

3 upvotes
kurtizone
By kurtizone (1 day ago)

There are several security approaches that Adobe and every other cloud service should be using instead of those that expose a password on the wire. Just Google federated SSO or SAML or OpenID Connect. They package up a credit card number as a claim inside a digitally signed and encrypted token. The cloud service decrypts and unpacks the token, processes the credit card transaction and then deletes the credit card number from memory. The cloud provider doesn't need to store credit card info, where Chinese and eastern bloc criminals can get hold of them. How do you know if an online service, if it stores your card number, is encrypting or hashing your data? You don't and the cloud provider apparently doesn't care.
The world is moving to a cloud model for software-as-a-service. Yet SAML and other claims-based technologies aren't being widely adopted in spite of stupidities like those of Adobe.

1 upvote
cordellwillis
By cordellwillis (1 day ago)

No matter what, everything will have some form of flaw. I'm sure there are valid reasons to choose what they did. Unless you can see into the future even what you suggest here is not 100% hacker proof.

1 upvote
DuxX
By DuxX (1 day ago)

I hope that this will end any further thinking about renting and using cloud software. Cheers!!

10 upvotes
cordellwillis
By cordellwillis (1 day ago)

Why? It's an option. I like options. I opted not to "rent" the software. Some day I might decide to do so.

1 upvote
danmar
By danmar (1 day ago)

"We will work aggressively to prevent these types of events from occurring in the future."

How can we believe you since you didn't do this time? Or any of the hundreds of other times you left security holes in your software.

6 upvotes
MikeFairbanks
By MikeFairbanks (1 day ago)

My previous post is tongue-in-cheek, but the event is very real.

Adobe said the Creative Cloud is a year-long committment. But since I signed up via live chat with an Adobe rep, I believe I was mislead. I even appealed and was denied through the appeal process.

To require a year-long committment shows me that they don't have enough confidence in their product that you'll want to stay with them.

I'll continue buying stand-alone software in the future. I don't want a subscription-based service, especially one that locks you in for a set amount of time. That's just desperation, in my opinion.

Plus, all I really want is Photoshop Elements. I use Canon's FREE software for my raw files (it's almost as good as Lightroom and just as fast).

9 upvotes
RobertSigmund
By RobertSigmund (1 day ago)

Actually, Canon is better than Lightroom in RAW processing.

3 upvotes
MikeFairbanks
By MikeFairbanks (1 day ago)

I actually quit my Creative Cloud membership months ago, but Adobe doesn't seem to be handling our breakup very well. She told me I had a year-long committment that was in the terms of service, but I signed up via live chat, and was told differently. I was told that if I quit in the first thirty days I'd get a full refund, and then after that I could quit anytime (but wouldn't get refunded for the first month of usage beyond thirty days).

Again, this was during live chat.

Well, when we broke up, she laid all that on me and I said, "Look, it's not me. It's you." I wasn't happy with the service and, frankly, wasn't using it enough to justify the expense.

So she said I owed her alimony. She said I had to give her fifty percent (half) of the money for the remaining year-long contract. I told her I was signed up by a representative and wasn't told of the year-long committment.

Now she won't leave me alone. I get emails, bills, etc.

Adobe: Leave me alone! It's over.

3 upvotes
naththo
By naththo (1 day ago)

I don't think I really understand what your story really meant about what 30 days are you really talking about. Although I am sorry to hear you had problem with customer service which did not really handle it well. Although from what I am understanding is if you want to try out for 30 days but if you are not satisfy with, you should cancel it inside first 30 days before its too late. If you did cancel within first 30 days and Adobe will have no problem refund it back to you and cancel it indefinitely. But if its beyond thirty days and if this is on one year subscription, it is a sticky one, you cannot change it after 30 days. They would have assume you have commit to keep using it after 30 days so they assume that you want to keep it and pay per month for a year. Remember please read term and condition for agreement before apply the subscription.

0 upvotes
cordellwillis
By cordellwillis (1 day ago)

A bunch of stupid comments here. Do any of you bank online? It can happen anywhere.

3 upvotes
Eleson
By Eleson (1 day ago)

Well ...
I'm sure they are PCI-DSS audited and compliant. And then this should not happen.
So someone f*ed badly. And the credit card companies will not pay up for losses.
It is embarrassing that this can happen and says a lot.

3 upvotes
RobertSigmund
By RobertSigmund (1 day ago)

I don't, for good reason.

3 upvotes
MisterPootieCat
By MisterPootieCat (1 day ago)

Oops!

0 upvotes
Markintosh
By Markintosh (1 day ago)

Another good reason not to upgrade:( One thing it's to purchase software ones in 18 month, another is to store credit card info there forever because you are leasing the software. But nobody can be sure that Adobe is not store credit card info for person who purchased CS6, for example.

3 upvotes
naththo
By naththo (1 day ago)

Okay enough of defamation and flaming at Adobe. Its not worth it. It does not help when you do this. They can sue you for serious defamation as I see some of serious defamation going around. Some of what you said are so untrue. The truth is, its Adobe's fault for not keeping their system secured for your sensitive information like payment processing and customer profile information. It got nothing to do with software seriously. Fffsss I assume you haven't worn glasses to read properly what they said. It is to do with payment department and the customer information department that they did not keep it secured and its their fault. It hasn't said anything to do with software you are running.

Also it is customer responsible to keep their computer secured before using internet and purchase online by having a completed security suite installed as well. It is your responsibility too. Not just Adobe responsibility.

Comment edited 4 minutes after posting
1 upvote
dpalugyay
By dpalugyay (1 day ago)

Excuse me? Defamation? Adobe irresponsibly lost access to MY personal information. My address, e-mail, password, perhaps the keys to all my versions I have purchased of their software for the past 6 years, and MY CREDIT CARD INFO. You DO NOT get to defend them and their irresponsible IT practices to each of us. Unless you are an Adobe shill.

Comment edited 26 seconds after posting
5 upvotes
naththo
By naththo (1 day ago)

1. Adobe did not talk about software breach recently.
2. Adobe only did talk about hacker hacked into to steal customer information and payment information. Thats it.
3. People here are BEING so aggressive and assault against them is a defamation against them.
4. THIS TOPIC IS ONLY TALK ABOUT CUSTOMER INFO AND PAYMENT INFO, that is very clearly read outloud. So stay on topic. Adobe expect you to do the same too. Going way off topic with utterly rubbish rumour are just ridiculous. Attacking them about other than that like software and off topic against them are clearly a defamation against them. But of course we are rights to be angry but we have to be VERY careful what we are really doing in here. I am here to show that I am disappointed that their customer and payment department are not handling well and not keeping it secured. It got nothing to do with software.

And oh don't accuse me of working for Adobe. I do not work for Adobe. Full stop!

Comment edited 1 minute after posting
0 upvotes
InTheMist
By InTheMist (16 hours ago)

@naththo That is the weakest defense I've ever heard. Their behavior and ineptitude is indefensible.

2 upvotes
Biowizard
By Biowizard (1 day ago)

Bye bye Adobe Reader XI - never liked you anyway.

Just hope my Photoshop CS6 has not been compromised by source code hacks.

Brian

5 upvotes
skinnymakespretty
By skinnymakespretty (1 day ago)

they should have stick to doing software license, now they ef up with the community. good job adobe. well deserved.

2 upvotes
Husaberg Grok
By Husaberg Grok (1 day ago)

This is one reason why many organizations keep their workstations off the web.

3 upvotes
SRT3lkt
By SRT3lkt (1 day ago)

Creative Fraud

3 upvotes
Dennis
By Dennis (1 day ago)

Now, how about that; Adobe goes Open Source - unintentionally though!

Anyway; no more Acrobat Reader on my machines - seems to be one of the best documented platforms for security breaches...

3 upvotes
naththo
By naththo (1 day ago)

I was forced to change password today and had to go to bank but the bank had advised me there is no unusual transaction and is now good time to keep eyes on online banking for any unusual transaction if any then its time to change bank cards number and new pin issue to it. But got email from Adobe and I was informed that they (The hacker) had failed to decrypt my bank card anyway. So it may sounds like my bank card is safe. But Adobe once again said it is not 100% certain about that. So best keep eyes on any unusual bank activity. If any, go straight to bank and change it straight away. I am deaf and I cannot make phone call so only one way is go to bank during business week/hour. Such a shame to see this happen like that!

0 upvotes
ozgoldman
By ozgoldman (2 days ago)

I received two emails from Adobe but initially thought they were from scammers. In a way I guess they are as the result of scammers anyway.
I am told that credit card security in the US is way behind the rest of the world, and that the US do not have chip embedded cards yet, only the magnetic strip on the cards, which is dinosaur technology these days, and that encourages scammers to target US companies as they are seen as soft targets as security is so lax. Not sure if that is completely correct, but the crooks are getting pretty clever these days. Looks like I will be changing my credit car on Monday too. Do I send the bill to Adobe?

0 upvotes
Tan68
By Tan68 (2 days ago)

The chip cards require a PIN.

I only recently learned that a PIN can be set up for an American credit card.

In many cases, this doesn't change a thing because the credit card, like a debit card, can be used without the PIN. Same as it ever was.

The benefit to setting a PIN for the credit card is that the CC can then be used with in the PIN-enabled credit card world. This means you can use your credit card (with PIN) to buy a train ticket at a kiosk in Zurich. With no PIN, the CC is not accepted and you have to go to the ticket window, use the CC, and sign a receipt.

A debit card can be used at the kiosk because they have PIN.

Anyway and for what it is worth.
Yeah, I think the PIN system is better..

0 upvotes
Shamael
By Shamael (1 day ago)

the pin is a confirmation of authenticity, but serves to nothing in urban purchase. The pin code you enter in a card is what does it, and you can change it at any time. If someone uses a card with the good old rick rack machine, you need a signature on the voucher, and the Credit Card company has asked to anyone using a system like that to ask the card holder for an ID card. The real problem remains in online purchase by direct credit card transaction, if they have your data, and pin number, they can buy all they want, and, there is no control on the identity of the one who makes the operation. You can do that in any Internet café or wireless point at any time. So, better change the cards.

0 upvotes
Irata
By Irata (2 days ago)

If you want the real story about the attack rather than the watered down excuse that comes out of Adobe read the details here:

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

It turns out the "sophisticated" attack was just Adobe's own unpatched software.

8 upvotes
Impulses
By Impulses (1 day ago)

They establish that's a possibility but didn't say for certain... Either way, it can and has happen to any company, it's just kind of ironic that this would happen to Adobe because of their own software and while in the midst of the CC backslash.

The bigger revelation in that article is that the attack actually happened 2-6 WEEKS ago (there's two contradictory statements, at least the way I read it), and that Adobe was semi-clueless about the severity until the article's writer contacted them... At best it seems like they were aware but were trying to keep it hush. That's absolutely the worst possible way of handing a debacle like this.

It can happen to anyone, and at the end of the day it has little to do with cloud computing itself (the cloud might put you slightly more at risk but proper security layers like 2-step authentication can largely mitigate that), not being honest with costumers is by far a bigger issue IMO. I'd be far more trusting of a company that reacts faster, issues notifications in a matter of days etc (and plenty have done so under similar circumstances).

Honestly, the fact that this happened doesn't surprise me and wouldn't dissuade me from using CC, the fact that Adobe's handling it so poorly is far more newsworthy and DPReview should consider updating the post or following up with additional details.

Not forcing a password reset on next login is another huge gaffe on their part that only helps to empower the criminals that are already profiting from this. If Adobe doesn't compensate their costumers appropriately for their troubles (beyond the one year credit monitoring) I'd say they get an F for thhandling of the situation, which to me counts for more than the actual breach.

1 upvote
afterburn
By afterburn (2 days ago)

Oh ffs people, you don't like CC. We get it. We've heard it a million times. Move on. Use other software. But quit whining. It is getting old.

This has nothing to do with CC. How many of you have PayPal? Or Google Wallet? Or have an Amazon account? Or have shopped at online stores using your credit card? You think your data is safe there? This could happen to any company. Any person buying stuff through the internet from whatever source, no matter how reputable, runs the risk of their personal and creditcard details being stolen and abused. The only thing you can do about it is to buy at the most reputable stores you can find, don't let stores store your information regardless of the convenience and to check every line item on your creditcard statement every month. Or only use your creditcard in B&M locations, and pray the clerk isn't creating a copy of your card as he swipes it through the machine.

0 upvotes
cfh25
By cfh25 (2 days ago)

"...don't let stores store your information regardless of the convenience..." So you're saying, don't use subscription services who require ongoing monthly access?

15 upvotes
justinwonnacott
By justinwonnacott (1 day ago)

This has everything to do with creative cloud. I would not be having a monthly bill paid by credit card to Adobe if they let me purchase the software outright with no strings attached.

8 upvotes
cordellwillis
By cordellwillis (1 day ago)

justinwonnacott, I thought the software was still available to purchase outright. I know of people who have CS6. I'd like to know what you can't purchase without the subscription....I don't subscribe and was never interested so I don't know.

0 upvotes
afterburn
By afterburn (1 day ago)

@cfh25: no, that is not what I am saying. What I am saying is, that if you don't want to risk abuse, you should not do _any_ payments online with your creditcard.

This is no different than i.e. Apple or Google, who both require you to provide them with your creditcard details if you want to be able to purchase anything for their respective phones/stores. Think they cannot be hacked? What about PayPal/Ebay? Or Amazon?

But you knew that, and you were just trying to be smart and turn it around back to CC again.

@justinwonnacott: So Adobe is forcing you to use their software, no? They put a gun to your head and threatened to pull the trigger if you didn't sign up for CC and gave them your creditcard information, no?

@All: Again, this has nothing to do with CC. Every time you do a purchase online you take the risk that company or their payment provider gets hacked and your details abused. If you don't find that acceptable, use cash in B&M. Of course, you risk being mugged on the street.

0 upvotes
Eleson
By Eleson (1 day ago)

Yes it is related to CC. The handling of credit card numbers is regulated in Web shops. And is even more regulated if you're store wants to store the credit card number after the transaction.
And Adobe does seem like a company that handled that to well when they pushed CC.

1 upvote
JasperD
By JasperD (2 days ago)

I have CS6, PSE11 and LR4. Fair enough, I got the mailing with the warning too. A lot of negative vibrations out of that company lately. Very unsettling.

8 upvotes
Danny
By Danny (2 days ago)

Karma.

4 upvotes
M Jesper
By M Jesper (1 day ago)

As if their reputation could sink any further, it's their loyal members who get punished for trusting them, again. Not very good Karma is it.

Comment edited 20 seconds after posting
2 upvotes
Nukunukoo
By Nukunukoo (2 days ago)

Gonna change my credit card details now, just to be sure. X(

Comment edited 22 seconds after posting
0 upvotes
Lawrencew
By Lawrencew (2 days ago)

I am not sure why people are blaming this on Creative Cloud and seeing it as a "nail in the coffin" of Cloud Computing in general.

Even if customers had purchased physical 'bits-in-a-box' or purchased a one-off download of software they could use in perpetuity (such as Lightroom), they would likely still have done this by registering with Adobe and providing their credit card details, and ticking an option to allow Adobe to store those details as is common with many on-line retailers.

Creative Cloud and Cloud Computing changes little in that respect of of e-commerce.

What it does do I guess is focus all that activity on Adobe itself, rather than numerous retailers who would each of taken the transaction. So the problem is putting all your eggs in one basket. (something that Adobe could address by architecting it's systems in such a way that a single attack cant crack all the eggs)

Comment edited 4 minutes after posting
1 upvote
Mogens
By Mogens (2 days ago)

Well what CC does is to require you to always have current and correct information in the database of Adobe.
My information in their system was fortunately from an old out of date location and credit card so I should be safe.
Anyone in CC should change credit card to be safe.

3 upvotes
GodSpeaks
By GodSpeaks (2 days ago)

For one, the difference is the size of the target.

Adobe is a BIG target. On the other hand, a retailer is a much smaller target, even a retailer like B&H.

2 upvotes
abolit66
By abolit66 (1 day ago)

"I am not sure why people are blaming this on Creative Cloud"
Because adobe deserve it. every bit of it.

5 upvotes
Just a Photographer
By Just a Photographer (2 days ago)

Now we know why Adobe called their new suite 'Credit Card'.
First they hack the software, now they have hacked all customers credit cards.

6 upvotes
Hugo600si
By Hugo600si (2 days ago)

"which omits the 'bits-in-a-box' distribution method in favor of faster access to software updates through a monthly subscription"
I think its clear for all, it omits normal software distribution in favor of greed and control by a megalomanic company.

2 upvotes
Jon Lewis
By Jon Lewis (2 days ago)

Another nail in CCs coffin

2 upvotes
RStyga
By RStyga (2 days ago)

"Adobe reported what it called a “sophisticated” cyberattack on its network..." reports MacWorld Australia.

God forbid, if it wasn't "sophisticated", what would that mean for your security measures, right Adobe?

10 upvotes
Horshack
By Horshack (2 days ago)

Cue the AmEx commerical..."I bought a CC subscription and all I got was lousy rent-to-never-own software and an unauthorized charge to my credit card from some guy named Gunther who apparently likes to patronize foot-fetish porn establishments in Eastern Europe."

Comment edited 25 seconds after posting
22 upvotes
Ergo607
By Ergo607 (2 days ago)

A.D.O.B.E.
All Data Open in the Blink of an Eye

24 upvotes
GodSpeaks
By GodSpeaks (2 days ago)

Another nail in the coffin of Adobe and 'Cloud' computing in general.

13 upvotes
CameraLabTester
By CameraLabTester (2 days ago)

The thieves loved this.

Swiping small incremental amounts on a monthly basis sure does effectively goes under the radar of even the most scrutinizing bean counter accountant.

Those $5.95 on your statements could well be from them varmints...

.

5 upvotes
Stefanie
By Stefanie (2 days ago)

Thanks to the creative crap model, Adobe has to store a lot of creditcard information. I wouldn't be surprised if their encryption isn't that sophisticated and safe as they say. For me Adobe has lost any credibility and trust a long time ago.

13 upvotes
nunatak
By nunatak (2 days ago)

"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available."

as if this gets them off the hook. their security lapses are causing additional work (time and money) for all those involved, and at a bare minimum should compensate customers with a full years rebate or a full years free subscription. customer's choice. i trust Adobe to keep my data safe, and if they can't guarantee security they should go back to physical releases.

how many times should we renew our credit card numbers and passwords because of lame assed security? deeply aggrieved.

Comment edited 2 minutes after posting
11 upvotes
b534202
By b534202 (2 days ago)

Good luck if you're looking for more stuff.
Sony got hacked even harder and they still only gave people a year of credit monitoring and a 30 day subscription.

0 upvotes
Mark Alan Thomas
By Mark Alan Thomas (2 days ago)

A credit monitoring membership which auto-renews and is difficult to quit?

4 upvotes
Total comments: 122
12
Search on dpreview.com
Not a member? Register
Top cameras
Reviews and specs
Galleries
Challenges
Olympus PEN E-P5
Olympus PEN E-P5
16.1 megapixels
3 screen
Four Thirds sensor
Cameras receiving the most clicks in reviews and specs in the last five days.
Canon EOS 7D
Canon EOS 7D
18.0 megapixels
3 screen
APS-C sensor
Cameras by uploaded photos to galleries in the last five days.
Nikon D7000
Nikon D7000
16.2 megapixels
3 screen
APS-C sensor
Cameras by uploaded photos to challenges in the last 30 days.
Featured news stories
Latest galleries uploads
Image01DSC01532_v1-1Flower1Satriley13P9287053IMG_5607DSC_9529Maple LeafDSC_0133029 (1)Fairytale HouseLittle Boy Statue Closeup -- From IGP8017P8280427-2DSC_2518DSC_3967Come Closer... I Dare You20131005_132931_P1080563_miscGreat Egret DuskDSC_2592r2s6500 160s2DSC_8720MoirePA057018_web20131005_165201-1
769 in the last day, 1630122 total
dpreview TV
dpreview.com
connect.dpreview.com
gearshop.dpreview.com
Editorial content
Product database
Community
About us   Write for us   Advertise with us   FAQ   Feedback   Interest-Based Ads   Privacy   Legal
All content, design, and layout are Copyright © 1998 - 2013 Digital Photography Review All Rights Reserved. Reproduction in whole or part in any form or medium without specific written permission is prohibited.
Mobile site