QUICK LINKS:VideosSample ImagesCamera TimelineLink Directory
connect.dpreview.com geasrshop.dpreview.com
NewsReviewsBuying GuideSample ImagesArticlesCamerasLensesPhonesPrintersSoftwareForumsGalleriesChallenges
NewsOctober 2013
 Previous news story    Next news story

Adobe accounts hacked, data exposed for 2.9 million customers

Oct 3, 2013 at 22:51:00 GMT
Print view Email

Cyber attackers breached Adobe's security recently, compromising data on 2.9 million customers. Data accessed includes 'customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,' according to a company blog post.

The attack exposes a weakness in the company's new Creative Cloud subscription model, which omits the 'bits-in-a-box' distribution method in favor of faster access to software updates through a monthly subscription. Adobe says it's working with law enforcement to address the security breach. See the press release below for more.

Press Release:

Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM IN EXECUTIVE PERSPECTIVES

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

  • As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
  • We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • We have contacted federal law enforcement and are assisting in their investigation.

We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

Brad Arkin

Chief Security Officer

SOFTWARE NEWS ADOBE CREATIVE-CLOUD
You may also like
Adobe introduces cheaper Creative Cloud with Photoshop + Lightroom Poll: What concerns you most about Adobe's move to subscriptions? Photoshop CC: Adobe responds to reaction Adobe heralds subscription-only future for Photoshop and Creative Suite
Adobe introduces cheaper Creative Cloud with Photoshop + Lightroom
Sep 4, 2013
Poll: What concerns you most about Adobe's move to subscriptions?
May 8, 2013
Photoshop CC: Adobe responds to reaction
May 8, 2013
Adobe heralds subscription-only future for Photoshop and Creative Suite
May 6, 2013

Comments

Total comments: 130
12
Horshack
By Horshack (3 days ago)

Cue the AmEx commerical..."I bought a CC subscription and all I got was lousy rent-to-never-own software and an unauthorized charge to my credit card from some guy named Gunther who apparently likes to patronize foot-fetish porn establishments in Eastern Europe."

Comment edited 25 seconds after posting
23 upvotes
Ergo607
By Ergo607 (3 days ago)

A.D.O.B.E.
All Data Open in the Blink of an Eye

24 upvotes
GodSpeaks
By GodSpeaks (3 days ago)

Another nail in the coffin of Adobe and 'Cloud' computing in general.

13 upvotes
CameraLabTester
By CameraLabTester (3 days ago)

The thieves loved this.

Swiping small incremental amounts on a monthly basis sure does effectively goes under the radar of even the most scrutinizing bean counter accountant.

Those $5.95 on your statements could well be from them varmints...

.

5 upvotes
Stefanie
By Stefanie (3 days ago)

Thanks to the creative crap model, Adobe has to store a lot of creditcard information. I wouldn't be surprised if their encryption isn't that sophisticated and safe as they say. For me Adobe has lost any credibility and trust a long time ago.

13 upvotes
nunatak
By nunatak (3 days ago)

"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available."

as if this gets them off the hook. their security lapses are causing additional work (time and money) for all those involved, and at a bare minimum should compensate customers with a full years rebate or a full years free subscription. customer's choice. i trust Adobe to keep my data safe, and if they can't guarantee security they should go back to physical releases.

how many times should we renew our credit card numbers and passwords because of lame assed security? deeply aggrieved.

Comment edited 2 minutes after posting
11 upvotes
b534202
By b534202 (2 days ago)

Good luck if you're looking for more stuff.
Sony got hacked even harder and they still only gave people a year of credit monitoring and a 30 day subscription.

0 upvotes
Mark Alan Thomas
By Mark Alan Thomas (2 days ago)

A credit monitoring membership which auto-renews and is difficult to quit?

4 upvotes
justinwonnacott
By justinwonnacott (3 days ago)

Now I am mad ... I do not want to rent anymore. I hope this becomes big news so that every potential rental customer knows about this catastrophe.

28 upvotes
BJN
By BJN (3 days ago)

Bob.brown in comments at Ars Technica: "Adobe has not reset customer passwords. Instead, after you log in, there's a link to a "Customer security alert" which provides instructions for resetting your own password.. In other words, customers who do not log in regularly are (apparently) waving in the wind. I was able to sign in a minute or so ago with my old password."

I can confirm this is true. If you have an Adobe account you have to log into your account (Adobe Forums will do it) to get a reset request. Adobe was hacked back in August, by the way.

22 upvotes
fireplace33
By fireplace33 (2 days ago)

changing your Adobe password sounds like a wise step, but if the thieves allready have all your credit card details, then maybe that card should be changed as well?

3 upvotes
GrizzlyAK
By GrizzlyAK (3 days ago)

Seems like criminals would forget about Adobe, Microsoft, and every other company out there. They only need to hack the NSA since they have all the relevant information on EVERYONE! <grin>

6 upvotes
GrizzlyAK
By GrizzlyAK (3 days ago)

The Cloud is a joke. Anyone who would put their personal or corporate data, or creative work, willingly into the hands of a vendor that you have to pay rent to to use their products (or any company, for that matter), isn't serious about data security, or is just uninformed. I recently bought CS6 Master anticipating that it will be the last Adobe product I buy, ever, i.e., if the 'cloud' is the future for Adobe products. This is not a business model we end users want for the future of SW. That wouldn't be an option to users of CC. All you photographers and creatives ask yourself this: What happens 5 years from now when you've stopped paying rent and someone wants to pay you a premium for that fantastic PS file you created from that perfect image. Um... Go ahead, commit to a 12 month lease so you can access the file. Yeah, didn't think so.

27 upvotes
BJN
By BJN (3 days ago)

You can do the more expensive monthly option, but I agree with your main point. With many Adobe applications, as versions increment ahead files are no longer backwards-compatible either. I'm on Creative Cloud and despise it. There have been file-corrupting bugs - Photoshop text attributes interacting with layers is one - and Adobe rolls out new features that break things even as you must update in order to patch older issues.

5 upvotes
LIMD
By LIMD (2 days ago)

That is the new model of software distribution - release constantly untested software and release patches and patches for patches...

If I'm not wrong google started this with Chrome versions, firefox catched on it and rest followed.

I preffer old release cycle...

2 upvotes
Jim Radcliffe
By Jim Radcliffe (3 days ago)

Adobe and its shareholders made themselves a target for this. Is anyone really surprised?

9 upvotes
thx1138
By thx1138 (3 days ago)

Oh yeah, this was never going happen. The Cloud is the future, the Cloud is your friend, the Cloud is secure and without end and with Adobe in tow you'll spend, spend , spend.

31 upvotes
Zanziboy
By Zanziboy (3 days ago)

Information security is just an oxymoron. As long as companies and governments entrust the management of their server networks to outside agencies, there will always be hacks like this.

0 upvotes
Henry M. Hertz
By Henry M. Hertz (3 days ago)

let´s see what john nack has to say... im pretty sure he is working on excuses all day.

i hope people wake up some day.
it´s not only adobe... all this data mining and cloud stuff is crap.

learn to protect your privacy!

5 upvotes
ecm
By ecm (3 days ago)

The real story is how few of us actually care WHAT happens to Adobe any more.....

33 upvotes
Henry M. Hertz
By Henry M. Hertz (3 days ago)

+1

2 upvotes
howardroark
By howardroark (3 days ago)

Nobody deserves to have their personal information stolen, but this is one of the consequences of allowing a company to have all your current credit information for a subscription service. Adobe can't be trusted to secure your information or take care of its loyal customers that want to simply buy a license. Suck it, Adobe.

5 upvotes
zmotula
By zmotula (2 days ago)

I decided to bite the bullet about ten years ago after going through an activation hell with my legit copy of Fireworks. (My sin was that I forgot to deactivate the copy on my machine before I reinstalled the OS.) I swore never to let any Adobe software on my computer any more and every time I see a news story about Adobe, I am happy about that decision.

1 upvote
sebastian huvenaars
By sebastian huvenaars (2 days ago)

Well, i kinda care. I very much like using Adobe's software, seeing them destroying their self like they do is a sad thing.

Does this mean i feel sympathy for Adobe? Not a bit, greedy fckrs haha :P

Comment edited 47 seconds after posting
2 upvotes
Robert Kovacs
By Robert Kovacs (3 days ago)

Adobe's great "secure" Creative Cloud. They can keep it!!.

12 upvotes
sportyaccordy
By sportyaccordy (3 days ago)

Welcome to the cloud!

12 upvotes
Optimal Prime
By Optimal Prime (3 days ago)

Poetic justice.

15 upvotes
garyknrd
By garyknrd (3 days ago)

+1

1 upvote
chuirox
By chuirox (3 days ago)

The real story here is that little paragraph about access to source code. They got the Acrobat source code, and if you think Acrobat was a dangerous vector before, wait a month or two. PDFs are going to be so toxic that no company in their right mind will be running Acrobat. If ever there was a time for FoxIt, Nuance, or some other PDF software, it's now.

7 upvotes
zoob
By zoob (3 days ago)

wow. You are so right.

1 upvote
Higuel
By Higuel (2 days ago)

? o_O

0 upvotes
Digitall
By Digitall (3 days ago)

I think Hackers hates Adobe, also. The pressure of the shareholders and the rush of profit led to neglect of safety, a word that both Adobe sells this product is safety. How can we be sure of our work in the sophisticated Adobe. Who sows the wind, reaps the whirlwind. Nice one Adobe.

9 upvotes
Diopter
By Diopter (3 days ago)

keeping simple may be popular again some day

11 upvotes
moogle73
By moogle73 (3 days ago)

Adobe, how bout you go back to what your good at, make good software, sell it to your customers on disks like the good old days, and let me (and every other customer) keep our own files secure... thanks.

- From a customer who is no longer a customer as I refuse to buy into your "rent my software" extortion scheme.

46 upvotes
Eric Sorensen
By Eric Sorensen (3 days ago)

My thoughts exactly.

4 upvotes
SETI
By SETI (2 days ago)

+100
Was 15 years with Adobe and now I'm glad I'm not in CC

2 upvotes
NancyP
By NancyP (3 days ago)

Nothing here suggests that the damage is limited to CC customers. People who bought their software outright may also be at risk.

8 upvotes
shoevarek
By shoevarek (3 days ago)

This is a good point. If I remember correctly one must create account in order to buy software like Lightroom or PS directly from Adobe. I do not remember what credit card payment system they use but they might be storing that information too if you buy online.

0 upvotes
howardroark
By howardroark (3 days ago)

Only with the option to purchase your software you can buy a disc from anywhere and even use cash should you so desire.

1 upvote
windsprite
By windsprite (2 days ago)

Not me. I paid cash for mine at a brick and mortar shop.

3 upvotes
Graham Hill
By Graham Hill (3 days ago)

Great job Adobe! Way to go, to make the cloud so attractive!

14 upvotes
glasswindow
By glasswindow (3 days ago)

Nobody ever said clouds were secure.

1 upvote
moogle73
By moogle73 (3 days ago)

worst part is, if I were a betting man, that is the whole point of this "security breach" make the cloud solution even LESS appealing than it already is. More times than not, corporations don't get hacked until they step on the wrong toes and make the wrong people mad, then they become a target. If I were a betting man, with how many people got upset with their "cloud only services" and no longer selling software outright that they are pushing. I would bet you had more than your share of people who use adobe products who are also apart of the larger hacking groups out there (like anonymous, but not saying it was them) hence putting them on "the list" as a target. They wanted to make sure there was a breach, smearing adobe's cloud services as unsecured, foolish, and hopefully creating even more backlash than what already exists. In my eyes its pretty clear whats going on here, but that would be "if I were a betting man" situation.

2 upvotes
mike kobal
By mike kobal (3 days ago)

neither are glasswindows ;)

0 upvotes
RobertSigmund
By RobertSigmund (3 days ago)

One more reason to do without Adobe in the future.

27 upvotes
Total comments: 130
12
Search on dpreview.com
Not a member? Register
Top cameras
Reviews and specs
Galleries
Challenges
Olympus PEN E-P5
Olympus PEN E-P5
16.1 megapixels
3 screen
Four Thirds sensor
Cameras receiving the most clicks in reviews and specs in the last five days.
Olympus OM-D E-M5
Olympus OM-D E-M5
16.1 megapixels
3 screen
Four Thirds sensor
Cameras by uploaded photos to galleries in the last five days.
Nikon D7000
Nikon D7000
16.2 megapixels
3 screen
APS-C sensor
Cameras by uploaded photos to challenges in the last 30 days.
Featured news stories
Latest galleries uploads
MV5-8317964IMG_5151_Gymnothorax_javanicusBerriesd46beb66521b4986b0c100ff1cb1e8f0_editedSwiss Rail Track to MurrenDSC08392MetersDSC00035Teton Pass Early SnowIMGP25866270592442_915a9809da_oD71_4318 copyImage 120120824-00001-2L1074678D70_3327Tobacco Farm20120702_011_Montreal_DSC0023P1190771adjcrSea Fan in natural lightbeach Sunset copyPA060015M3:2 Sharpened, 3456x2304
934 in the last day, 1630464 total
dpreview TV
dpreview.com
connect.dpreview.com
gearshop.dpreview.com
Editorial content
Product database
Community
About us   Write for us   Advertise with us   FAQ   Feedback   Interest-Based Ads   Privacy   Legal
All content, design, and layout are Copyright © 1998 - 2013 Digital Photography Review All Rights Reserved. Reproduction in whole or part in any form or medium without specific written permission is prohibited.
Mobile site