Previous news story    Next news story

Adobe hack affects 38 million users, not 2.9 million

By dpreview staff on Oct 30, 2013 at 18:00 GMT

A security breach at Adobe Systems earlier this month is more widespread than first reported.

Adobe now says hackers stole information from at least 38 million customer accounts, including part of the source code to Photoshop, the widely used photo editing software. According to Adobe spokeswoman Heather Edell, they believe a lot of the breached data consists of inactive IDs and test accounts. 

A few weeks ago, on October 3, Adobe reported a cyber-attack on 2.9 million user accounts where encrypted personal data were stolen along with source code for Acrobat, ColdFusion and ColdFusion Builder. Edell said the company is still investigating the breach and is notifying affected customers. 

If you're a Creative Cloud subscriber and haven't already done so, it's a good idea to change your Adobe password and monitor your financial accounts. Go to Adobe's Customer Security Alert page if you have more questions and learn what to do if your account was part of the attack. 

Have you been contacted by Adobe? 

Via: Reuters

Comments

Total comments: 158
12
UncoyDP
By UncoyDP (1 month ago)

Now all of those emails are being flogged to spammers. In the last week I've started to get a ton of spam email on three special addresses given only to Adobe.

http://foliovision.com/2014/03/adobe-spammers-emailias

0 upvotes
paul simon king
By paul simon king (5 months ago)

OK so I got a letter, "quick -" I thought " go to adobe site, find out which cards I have used there and cancel them" -except I can't find which they were on Adobe site...someone must know....?

as an aside they REALLY should have known this would be tried so how they failed to protect against it is flaming negligence IMO

0 upvotes
Andy Moreton
By Andy Moreton (5 months ago)

Sophos (anti-virus vendors) are now reporting that 150 million Adobe user records have been breached. The passwords were encrypted (which is bad, they should have been hashed) and no salt was added to the password so it is easy to determine which users have the same passwords. The password hints are unencrypted so in many cases there are numerous password hints for the same password which will make password guessing much easier. And the encryption method used was triple-DES which is obsolete, using ECB mode which is not as secure as CBC mode. Basically Adobe did all the things security people have been advising not to do for several years.

EDIT: check whether your email address is on thelist here:
https://lastpass.com/adobe/

Comment edited 3 minutes after posting
1 upvote
gmblack1910
By gmblack1910 (5 months ago)

Well, I couldn't resist the Photographers "Special" of $9.99 mo....just a chance to keep my feet on both sides of the fence--but still have the last one I "bought (CS5) ready and waiting. The promise that next year's subscription is guaranteed over the phone, but not on your receipt, so...we will see.?
When they rumored/threatened if a person doesn't buy CS6, they cannot "upgrade" again ?? (i.e. start over at full price??) I said, well, that is $$$ talking, rather than putting out a better product. I have also upgraded in one year, and, then, it wasn't really worth it...
I have tried one of the NEW software suites--just not that good--maybe been using PS too long..? or., there are always hidden gems in there AND more than one way to do things...and plug-ins, etc..abundant.
I am retired and just enjoying all photography and the new painting options are really great--I just love Art in general-and Pictures too..
I am still wondering "Where IS the Cloud?"

0 upvotes
Charlie Collins
By Charlie Collins (5 months ago)

And you want us to subscribe to and use the Cloud?
Just another reason I would not subscribe to any programs such as yours - if I can't buy it and use it here I don't need it.

A formerly happy customer.

2 upvotes
eyes-open
By eyes-open (5 months ago)

According to the Adobe website, what was stolen was "encrypted credit card numbers." Unless the hackers work for the NSA, it's unlikely that they can break the encryption. I have not heard any reports of actual credit card fraud as a result of the breach. The notifications are precautionary.

What you're more likely to see are phishing attacks, so be extra careful about email and check the header for the actual address they were sent from to make sure it's an Adobe domain (or the domain of whoever the sender claims to be).

This kind of breech could happen to pretty much any company. Even Google, considered to be among the most security-conscious companies in the business, got hacked by the NSA. Unless you want to opt out of the internet entirely, security issues are a new fact of life. And sometimes it's hard to tell the good guys from the bad guys.

0 upvotes
HawaiiVolcanoes
By HawaiiVolcanoes (5 months ago)

I'll say it again...there is no actual reason to ever give Adobe your credit card information...for anything....and yes..you can still use their software unabated...seriously

0 upvotes
Dmitriy Balashov
By Dmitriy Balashov (5 months ago)

Another 35.1 naillions into the Adobe clouffin cover. ;-)

0 upvotes
Alternative Energy Photography

So we can all complain about Adobe's subscription cloud service, and to be sure, Adobe deserves heaping tons of scorn and steaming derision to match their treatment of their customers.

Adobe has responsibility here, yes. But did they commit crimes? Actual crimes, I mean. Probably not.

Identity theft could be cut down to a very small percentage of its current occurrence if only we would make the punishment truly stiff and painful. Physically painful, even.

Right now, it's a slap on the wrist and no action at all if the perps are in a country where no punishment exists.

I submit to you that maybe THIS is the true root cause of the problem.

Identity theft should carry a 10-15 year sentence with no more than 5% time off for good behavior. Repeat offenders should never get out.

But that would be more harsh than the punishment for murder, which is pretty much only 8-10 years, with 40% to 60% off for "good behavior". Sigh.

0 upvotes
jderrico
By jderrico (5 months ago)

I agree. I think hackers, and virus and worm creators, whose only intent is to cause pain and suffering, are among the most degenerate among us. They think its fun to screw up someone's computer, or someone's life, or an organization's files, etc., and then brag about it. The only protection for society is to lock these people away for their entire lives, or kill them. If someone changes a school grade or steals a credit card number to buy a 25-dollar item. Lock them away--they will only get worse, and be thankful that we caught them early, before the really serious damage occurs. And please, I really don't want to hear from all the bleeding-heart liberals on this subject--and for all you psychologists: stay away!

0 upvotes
photosecosse
By photosecosse (5 months ago)

Fascist !

0 upvotes
stern
By stern (5 months ago)

Cloud... suuure! I'm currently in the process of switching to DXO Optics pro. Adobe asked for it.

2 upvotes
Rylee Isitt
By Rylee Isitt (5 months ago)

I use CC... there's nothing "cloud" about it, despite the name. It runs off my HD like every other piece of Adobe software I've ever used.

The only difference is now you pay a monthly fee and, presumably, get perpetual updates to never versions as long as you keep paying.

I think they do have some actual cloud-based features, like uploading images and such, but I haven't actually experimented with them.

What was stolen was their database, containg user details, hashed passwords, maybe stuff like purchase history and so on. Every company has one. DXO Optics has one. It can be stolen too.

Comment edited 31 seconds after posting
0 upvotes
Timmbits
By Timmbits (5 months ago)

HAHAHAHAHAHA

they asked for it... moving everyone to subscription!

ROTFLMAO

4 upvotes
Rylee Isitt
By Rylee Isitt (5 months ago)

Even prior to CC, most people I know with legitimate copies of Adobe products bought them directly from Adobe online. In which case those account details were already there, prior to CC.

Moving to subscription mode surely increased the size of their customer database, but I wouldn't say it's to blame here.

1 upvote
LarryK
By LarryK (5 months ago)

Why can't the NSA fix this stuff?

0 upvotes
jderrico
By jderrico (5 months ago)

Excellent question, Larry. They're probably too busy spying on easy targets like you, me, and our allies. Gee, you want them to go after hackers that are constantly disrupting our society and our country? I don't know--that sounds like hard work!

0 upvotes
fastprime
By fastprime (5 months ago)

Adobe CC = Adobe Compromised Creditcard

Comment edited 42 seconds after posting
5 upvotes
Nukunukoo
By Nukunukoo (5 months ago)

!!!

0 upvotes
Cogset
By Cogset (5 months ago)

I received email and snail mail. Like others, the snail mail offered a credit watch service through experian.

Not a CC customer yet so my CR card was not stored there.

0 upvotes
Rylee Isitt
By Rylee Isitt (5 months ago)

I haven't heard from Adobe, but I got an e-mail from Sony's Reader Store (they sell ebooks that use Adobe DRM) that I should change my passwords with Adobe. Funny to hear the news from Sony, but not Adobe!

0 upvotes
snegron2
By snegron2 (5 months ago)

Does this only affect those who have subscribed to Adobe via their cloud service, or are users of older versions of Photoshop at risk as well?

1 upvote
Tom Goodman
By Tom Goodman (5 months ago)

My guess is the original number of accounts reportedly compromised represent the number of CC subscribers and the larger number, reported later, represent the total number of customers with records on file (active and inactive). So, you have your answer though in typical fashion, Adobe did not provide it!

1 upvote
alatchin
By alatchin (5 months ago)

Thanks for the notice. Password changed.

0 upvotes
RickBuddy
By RickBuddy (5 months ago)

I've received both email and snail mail notices. The snail mail version offered me free credit checks through Experian.

Not happy. They are just passing the buck. I thought a digital pioneer like Adobe would treat security more seriously.

I'm hoping Apple can develop a Photoshop killer soon.

0 upvotes
FreedomLover
By FreedomLover (5 months ago)

Would Apple be any better?

0 upvotes
Timmbits
By Timmbits (5 months ago)

@freedomlover: I think the point is, to have a product that isn't subscription based.

Guys, there was a review of photoshop alternatives not so long ago, on this site. Some are free.

Comment edited 14 seconds after posting
0 upvotes
justinwonnacott
By justinwonnacott (6 months ago)

Why is Adobe's stock performing so well ? This news seems to have haad little effect.

0 upvotes
FreedomLover
By FreedomLover (5 months ago)

Few are venting here. Most probably just suck up.
Also not sure you can trust stocks.

1 upvote
Alternative Energy Photography

Stock is performing so well because the cloud based subscription model is currently successful and popular.

Not with me, I will never do this. But it is popular and Adobe's revenue and earnings have risen. This is a major reason that a stock goes up. Another reason is that the books are being cooked, which I think is always a possibility that should be considered.

At some point, however; it will stop. It has to stop, and there are many possible reasons for this: New competitor with a better (or cheaper) product, new ways of doing things, disinterest by the customer base, a bad economy causing people to drop their subscriptions, etc.

The point is, eventually, Adobe will run out of new people to sign up for the subscription, which will cause revenue and earnings to level off and go sideways (or downward). This will probably signal a top in the stock. You saw what happened to Apple stock. And Microsoft before it. This is a common lifecycle for stocks.

0 upvotes
Michael Ma
By Michael Ma (6 months ago)

I got a physical letter from Adobe in the mail saying watch out for fraudulent charges to my credit card in the future. Any one else get that? I'm surprised that all of you didn't. With that said, features in Adobe CC rock. Little annoying things that they probably held off on, are all here. It saves me significant time in my workflow on a daily basis.

The updates are so good in fact, on some days, I forget to worry about my credit card being used randomly by a stranger because Adobe forgot to encrypt their information.

Comment edited 2 times, last edit 6 minutes after posting
0 upvotes
acidic
By acidic (6 months ago)

I got the letter, but I'm holding off on CC for as long as I can. My current workflow with software I own, free of payments, is just fine for the time being.

Had Adobe released CS7, I very likely would have upgraded. Not like they need our money or anything. Oh wait a second... they do.

1 upvote
TRichards
By TRichards (6 months ago)

I haven't been contacted by Adobe, but I have already received one SPAM email at the email address that is unique to Adobe. The spammers work fast.

Comment edited 40 seconds after posting
1 upvote
ericok
By ericok (6 months ago)

Adobe are the same guys trying to migrate everyone to the cloud?

Comment edited 22 seconds after posting
2 upvotes
Optimal Prime
By Optimal Prime (6 months ago)

Hell knows no fury as an adobe customer scorned.

4 upvotes
brycesteiner
By brycesteiner (6 months ago)

So is Adobe in charge of the new Healthcare website? Perhaps, running on the same servers? I knew there was some kind of connection!

4 upvotes
Kelliann
By Kelliann (5 months ago)

No that's got to be Yahoo - they destroyed their email and Groups (forums) services with hideous new software nicknamed NEO. Only they could have wrecked the healthcare site in this fashion.

0 upvotes
sebastian huvenaars
By sebastian huvenaars (6 months ago)

adobe creative fog

6 upvotes
tabloid
By tabloid (6 months ago)

Most probably a inside job……disgruntled employee.

1 upvote
EssexAsh
By EssexAsh (6 months ago)

do we think the NSA were out to bolster their collection of cat photos?

3 upvotes
OneGuy
By OneGuy (6 months ago)

I got notification from Adobe (looked legit) saying I should change my pw. I do not have an account with Adobe and hence no pw (Adobe Reader is the only thing I have on my PC and it is not automatically updated).

I don't want to have an account with Adobe (I dislike Adobe very much) and I hope that, whatever these guys stole, it would not allow them to Trojan-horse my PC.

If this is CWII (Cold War II), Adobe with their govt. leverage and reach with crappy products and management would be a primary target.

1 upvote
aris14
By aris14 (6 months ago)

Poor Adobe Live... What a publicity...!

0 upvotes
gefrorenezeit
By gefrorenezeit (6 months ago)

Happy that i stopped doing business with them by the time they wanted to take me hostage for using their products and sorry for the ones who do not have a choice.

6 upvotes
Alternative Energy Photography

I'm not sorry for others. They made their bed. Some like sleeping in it; good for them until they can't pay one day. Others will toss and turn the very first night. Life goes on.

0 upvotes
Michel J
By Michel J (6 months ago)

@ plastique2

The whole 38 millions accounts was hacked by the N$A through Adobe itself?

I don't understand, thanks to explain to me. ;-)

Comment edited 4 times, last edit 6 minutes after posting
0 upvotes
plastique2
By plastique2 (6 months ago)

Did I say or write "The whole 38 millions accounts was hacked by the N$A through Adobe itself?" No, I didn't. So what exactly do you not understand?

1 upvote
Debankur Mukherjee
By Debankur Mukherjee (6 months ago)

........my compliments to the hackers.........

4 upvotes
RichRMA
By RichRMA (6 months ago)

Hijacked by Adobe to the "cloud." Woo-pee.

2 upvotes
arhmatic
By arhmatic (6 months ago)

I am here for the comments.

Quality entertainment!

16 upvotes
drdancm
By drdancm (6 months ago)

I'm currently still on hold with Experian who is the provider for the complementary 1 yr credit monitoring. This is the fourth time I am on the phone with them and they are still unable to get me to login under my newly created account, at protectmyid.com.

I have wasted at least 4 hrs on the computer and on the phone. It has been 3 days that I have been unable to get the account working. I spoke with 3 different very nice reps who have done all they know to fix the problem but I still get the same message that my login is unsuccessful and I need to either e-mail support or call them at the provided phone number.

5 upvotes
threeOh
By threeOh (6 months ago)

Give it up. They are worthless.

1 upvote
Dvlee
By Dvlee (6 months ago)

A recent program on 60 Minutes reported that getting any response. much less getting the credit beureaus do fix any errors or problems is next to impossible. The way the credit agencies operate is a travesty. In this era if cyber crime and identity theft, we need a system that actually works for the consumers. That doesn't help you (or me) now.

The best suggestion I can make is gp tp your bank, ask them to reissue the credit card with a new number, so the number they have stolen will be invalid. Under circumstances of a credit card number being hacked, the bank can issue a new credit card number while retaining the history of the original credit account.

1 upvote
Richard Briscoe
By Richard Briscoe (5 months ago)

I spoke with my bank and we decided to cancel my card and have a new one with a different number be issued. I am still trying to see if Adobe will do something about providing an alternate means of payment that does not involve leaving a credit card number on their server. We shall see.

0 upvotes
Dan Tong
By Dan Tong (5 months ago)

Day 5 and Experian tech support left a message telling me to call them at a different phone number. I did, and it got me to the same non-tech support people who once again sent me a new temp password which failed the exact same way.
I heard on the news that Experian was screwing up with authenticating the Affordable Care web site stuff -as if that effort wasn't having enough competency problems.
However, Experian supervisor told me that my account is monitored, even though I cannot login, and that if any suspicious activity is detected they will send an e-mail. I asked her to look and she said there wasn't anything suspicious at this point.

1 upvote
Optimal Prime
By Optimal Prime (6 months ago)

Karma is truly a nasty bitch.

8 upvotes
Marla
By Marla (6 months ago)

I just purchased (local store) a copy of PSElements. Am I correct in assuming uploading and using this on my pc will not be a problem if I do not register it. Correct?

Maria

0 upvotes
FreedomLover
By FreedomLover (6 months ago)

Maria, the only way to be relatively safe is to work on a separate computer with no internet connection and no wireless options or wireless capable printers or other devices like phones or cameras connected, and to always have two separate sets of backups.

In the case of Adobe software, since hackers had access to the source code, even if they didn't modify it, they can now exploit any in-built backdoors and other weaknesses.

0 upvotes
guinness2
By guinness2 (6 months ago)

Don't let get scared. If it works without registration, you're fine. Its code wasn't hacked, AFAIK.
If you have to register just now and create new Adobe account, or changed your password, you're fine, too.
Only thing you should consider is, whether you had the same password for Adobe account and other logins, then you must change them.
If it is your habit or necessity to use credit card online and Adobe has the number, watch the transactions more often, that's all. Set a limit to online transactions, if possible.
I for one use Paypal or cash on delivery and never give my CC number, more than absolutely necessary. YMMV in US or UK.

Comment edited 5 minutes after posting
1 upvote
Dan Tong
By Dan Tong (5 months ago)

You're right.

0 upvotes
Marla
By Marla (5 months ago)

Thanks to Freedomlover & Guinness..

Just one more question...since I'm somewhat "technically challenged." I purchased my laptop about one year ago. It came with Adobe Reader....and I've been getting reminders to upgrade Adobe Flash. I use the original password that I set it up with only to get into my computer when I turn it on. Any chance Adobe has access to the PW or other info on my computer? Also is it safe to upgrade if I don't have to register it? Thanks again!

0 upvotes
jderrico
By jderrico (5 months ago)

Marla,
I don't see any reason for you to register PS Elements. As long as you keep the sales receipt or e-mailed invoice the warranty should not be a problem. And, yes, uploading and using PS Elements on your computer should not be a problem.

0 upvotes
Augestflex
By Augestflex (6 months ago)

Not happy that my account was compromised. The letter I received from Adobe mentions that in some cases Adobe's encryption software was used to decrypt information before it left their network. So yeah, now, in addition to changing passwords I need to worry about my credit card and potential fraudulent charges. Honestly, if it isn't already a practice, companies that have breeches of these nature should be fined for their inability to protect important financial and private data of their customers.

10 upvotes
J Wilkerson
By J Wilkerson (6 months ago)

Apparently Adobe notified my credit card company about the "incident", as they call it. The company sent me a letter plus a new card. Saved me the trouble of requesting a new one, and the old one is canceled now. I agree, a fine of some sort would be appropriate.

3 upvotes
zkz5
By zkz5 (6 months ago)

"So yeah, now, in addition to changing passwords"

How many passwords do you have to change? You should be using a different password for everything...

2 upvotes
Beestripe
By Beestripe (6 months ago)

Should, being the operative word. Reality is, most people have the same password for everything.

1 upvote
plastique2
By plastique2 (6 months ago)

No need to panic. All this was hacked by NSA and CIA and who not else a long time before. So they maybe know who hacked Adobe now ;)

7 upvotes
new boyz
By new boyz (6 months ago)

Luckily, I'm not an Adobe user.

4 upvotes
Joe Mayer
By Joe Mayer (6 months ago)

How many black eyes can Adobe endure? This is not a riddle but tragic reality. A loss of customer's data, encrypted or not, causes customers to be rattled. Worrisome too is the newly revealed loss of photoshop source code along with the code of acrobat. I wonder if Adobe still realizes the full extent of the attack or if more is yet to come.

3 upvotes
zkz5
By zkz5 (6 months ago)

"Worrisome too is the newly revealed loss of photoshop source code along with the code of acrobat"

Why?

0 upvotes
Steve_
By Steve_ (6 months ago)

I'm not a software developer, but I can't feel that step one in the creation of a truly competent competitor for any of the Adobe products (save Lightroom) would be to throw away the Adobe source code. Cobbled-together horse-apples with an inept interface, if you ask me.

What I can't understand is how Lightroom is so good, and how they can continue to sell their cross-bred family of uneven and inconsistent garbage alongside it. Powerful as Photoshop is, I've never seen it as reasonable to expect your users to learn Adobespeak for every single action and concept just to search help on the simplest task. Which you have to do at every turn, because every conceivable aspect of the application is barely even identifiable much less usable compared to modern and competent Windows applications. Unusable junk to me.

3 upvotes
lasvideo
By lasvideo (6 months ago)

Thinking of signing up for the @adobe Creative Cloud? Some of these horror stories might change your mind. http://forums.adobe.com/community/creative_cloud

Remember to change your passwords and check your bank account for the next several month to make sure the hackers that got all that sensitive data from Adobe don't access your accounts.

New Adobe Survey. If you are not happy with CC being the only choice, let them know. http://deploy.ztelligence.com/start/survey/survey_taking.jsp?PIN=16BNF7XXXKLNX

1 upvote
FreedomLover
By FreedomLover (6 months ago)

Indeed, and many reporting the same.

"Several times in the last coule of days, files I have been working on have disappeared both from my hard drive and from CreativeCloud.com.
This is very distressing because I was under the impression that the syncing of files was going to provide me with additional back-up rather than having Adobe just arbitrarily delete my files!"

"Actually, it has been two weeks now and there has been no resolution to the problem. I have received no explanation for what is going on or any update on the status of the inquiry. I've been told "we're working on it" but I can't tell if they are just saying that hoping that I will give up"
http://forums.adobe.com/message/5801658#5801658

I still think the hackers are in the boardroom.

1 upvote
zkz5
By zkz5 (6 months ago)

"Remember to change your passwords"

Never use the same password for more than one thing

1 upvote
CameraLabTester
By CameraLabTester (6 months ago)

The damage of trust to the Adobe brand is almost unquantifiable.

A slow motion Mount St. Helens sliding down silicon valley...

Second rated graphic software, this is your time.

.

Comment edited 1 minute after posting
4 upvotes
RStyga
By RStyga (6 months ago)

I'm going to second a lot of messages here. The only people I sympathise with are the ones whose private/financial information were stolen. As for Adobe... profit at your own peril.

1 upvote
Northgrove
By Northgrove (6 months ago)

This came so soon after the CC suite that I think they're directly related. A disgruntled person who happened to have hacking skills?

3 upvotes
moogle73
By moogle73 (6 months ago)

My thoughts as well, although I doubt it was a singular person, and more of a group like "anonymous" but not necessarily them. Adobe got alot of people upset with the CC suite, and the discontinued selling on disks model, and its only reasonable to believe with the vast number of upset people, some of them are apart of these hacking organizations.

0 upvotes
moogle73
By moogle73 (6 months ago)

I also love the "according to adobe's spokesperson, they believe a lot of the breached data consists of inactive id's and accounts" to try to make 38 MILLION ACCOUNTS! sound better, like O its no big deal that the real number is actually more than 10 TIMES what we originally thought, we will just say its all "old or test accounts" and try to sweep it under the rug like its no big deal...

Gota love corporate greed.

Comment edited 50 seconds after posting
6 upvotes
intruder61
By intruder61 (6 months ago)

karma...adobe thought it smart to charge extortionist prices in australia....who pays for anything adobe anyway.

1 upvote
moogle73
By moogle73 (6 months ago)

I said it before, and Ill say it again...

Adobe, how bout you go back to what your good at, make good software, sell it to your customers on disks like the good old days, and let me (and every other customer) keep our own files secure... thanks.

- From a customer who is no longer a customer as I refuse to buy into your "rent my software" extortion scheme.

33 upvotes
intruder61
By intruder61 (6 months ago)

+1

2 upvotes
ozgoldman
By ozgoldman (6 months ago)

I had one email from Adobe, and improved my security facilities as a result, but last week I got a letter from my bankers saying that someone had tried to use my credit card OS. Not sure if this is associated with Adobe hacking at all, but new card is on the way etc. and old card closed down.

1 upvote
chj
By chj (6 months ago)

glad I bought a boxed adobe product

3 upvotes
Total comments: 158
12