October 3, 2013

Adobe Has Been Hacked. Millions of IDs, Passwords, & Payment Information Potentially Affected

If you've been one many who has jumped on the Adobe bandwagon in the past few years, especially with the new Creative Cloud version of their software suite, some of your information may have just been compromised. Adobe announced today that their servers were hacked and at least 2.9 million users have been affected. Information such as IDs and passwords, as well as credit and debit card numbers, may have been accessed and/or compromised. Check out more from Adobe and what you can do about the situation if your account information has been stolen.

Here's what they said about the hacking on their blog (emphasis mine):

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

  • As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
  • We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • We have contacted federal law enforcement and are assisting in their investigation.

So what it looks like is that all of the credit or debit card information they believe has been accessed is still encrypted, and nothing that had been decrypted was accessed. While it seems the passwords were encrypted, they are taking the extra step of resetting those passwords, and if you were one of the people affected, you should be getting an email. The same goes for those who have had credit or debit information accessed -- you'll be getting an additional email from Adobe.

They also believe that source code was hacked for a number of programs:

Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party.  Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.

Obviously this isn't a good development for a company that has faced quite a bit of backlash over its new Creative Cloud-only software options. They still have not addressed many of the concerns about accessing your old projects in the future if you stop paying, though they have done a very good job releasing significant updates well before they would have with older versions of CS (which is one of the reasons they had stated for moving to Creative Cloud versions of software).

If you were affected, you should be getting an email soon from Adobe about the situation and what you can do to help better protect yourself from any sort of identity theft or fraudulent charges.

Links:

[via Macrumors]

Your Comment

51 Comments

Great! Just days after a hacker used my bank details to try and buy shit online! Awesome :(

What I want to know is how they did this!

On the negative side this seriously sucks and they better be compensating us CC members for the incompetent lack of security.

On the plus side - hats off to NFS for actually writing an article that doesn't show Adobe in a glowing ball of heavenly light :) Not that I'm suggesting you wouldn't, it's just been a while and it's nice to have it reaffirmed that you aren't that biased.

Now - off to change about 13 passwords... FFS... :(

October 3, 2013 at 9:16PM, Edited September 4, 11:21AM

0
Reply
Kraig

Ps. I just need to state this before people get it twisted... Don't get me wrong. Horses for courses here - they should probably offer more options for perpetual licenses for people who don't want to be tied in but I actually upgraded from cs6 and I'm stoked with CC (hacking aside - shit happens). To me I would want the next full release a year or two down the line, I just would. I would see the shiny new features and think "yep - I need those". That's just me, I'm a geek, so for me Creative Cloud works WAY better than boxed versions because paying out £2500 in one go is just something I can't afford where as £15-£45 per month is realistic. Don't want people to go thinking I'm hating here, I'm just super pissed about the screw-up! If they sort it out and offer some sort of compensation then we're all gravy Adobe x

October 3, 2013 at 9:43PM, Edited September 4, 11:21AM

0
Reply
Kraig

"oh come to the cloud is better"...."oh come to the cloud is more creative"...."oh come to the cloud is cheaper"...."oh come to the cloud we give you 20GB of cloud space instead of storing it in your 1TB hard drive"......"oh come to the cloud you only need to be paying us forever"...."oh come to the cloud where everything is the same as if you save things in your own storage but with cloud if something is screwed up millions of people will loose their work and even can get their credit card hacked and buy a girlfriend from Russia..." "oohhh our cloud is hacked...F**k you costumer..."

I must say that I'm kind of happy.

October 3, 2013 at 9:21PM, Edited September 4, 11:21AM

1
Reply
jesuan

Wow. If you don't like it, don't buy it. No need to act like a spoilt child...

October 4, 2013 at 2:14AM, Edited September 4, 11:21AM

0
Reply

ok...I will say it in another words. If you don't like my comment....don't comment it!!!

October 4, 2013 at 7:52AM, Edited September 4, 11:21AM

1
Reply
jesuan

If you legally purchased the software from them, your credit card info was probably in the system anyway. This isn't just a Creative Cloud issue.

October 5, 2013 at 11:06PM, Edited September 4, 11:21AM

4
Reply
August

I have CS6 Production Premium and got the email. So it is definitely not just CC involved.

October 10, 2013 at 5:34PM, Edited September 4, 11:21AM

0
Reply
Ross T

I hope they come out in their next installment with an alternative to the cc thing, i never liked the subscription idea to begin with

October 3, 2013 at 9:37PM, Edited September 4, 11:21AM

1
Reply
thadon calico

I haven't received an email yet but damn, I'll be waiting for one.

October 3, 2013 at 10:00PM, Edited September 4, 11:21AM

0
Reply
Jason

New there was a reason I got a phish attempt from some Adobe site look-a-like a few days ago. DON'T log on and give out info from email link about this folks unless YOU instigate by going to an Adobe site first to log in... don't compound the problem and become a victim from a phisher trying to "help" you.

October 3, 2013 at 10:34PM, Edited September 4, 11:21AM

0
Reply

good thinking. I hadn't thought of that. I did initiate the change password email but didn't think of that.

October 3, 2013 at 10:46PM, Edited September 4, 11:21AM

1
Reply
Jason

The Adobe greed service got hacked. Even the software itself was hacked days after it was released.

So the pirates are safer.

October 3, 2013 at 10:50PM, Edited September 4, 11:21AM

0
Reply
moebius22

A PR shitstorm of the highest order.

On a side note does anyone know if the big October update with sending from premiere to speed grade without rendering has launched. I'm really liking SG though better roundtripping with resolve 10 would be the bomb!

October 3, 2013 at 10:55PM, Edited September 4, 11:21AM

0
Reply
Peter

lol, adobe really should have seen this coming. retards.

October 3, 2013 at 10:57PM, Edited September 4, 11:21AM

2
Reply
Tyler

I would really like to know what kind of security they had in place for all this personal data they were collecting and if they cheapskated the security in order to increase the bottom line and make the stock more valuable. Please find and tell that story!

October 3, 2013 at 11:29PM, Edited September 4, 11:21AM

0
Reply
Dennis

Why is this news?! Adobe products are hot on the market and hackers go after what is hot.....my two cents....the cloud is useless 20GB really?!?!

October 4, 2013 at 12:04AM, Edited September 4, 11:21AM

4
Reply
Al

YOU ALL DESERVE IT FOR SIGNING UP FOR CLOUD SERVICES

October 4, 2013 at 2:21AM, Edited September 4, 11:21AM

2
Reply
john jeffries

you're silly

October 4, 2013 at 8:20AM, Edited September 4, 11:21AM

0
Reply
Jason

I use the service for Premiere CC. I'm not worried.
I have a few rules that I'm often amazed my millennial co-workers haven't already figured out:
Always use a unique password - if possible, use a unique email address per service. I find an email/password combo much easier to remember than a list of just passwords.
Have a card (credit or debit) that has a prepaid/low limit and is not tied to your other accounts specifically for online services. Its worth the extra (minor) hassle.
If possible (and I realise it isn't for most) use a business bank account.
Don't ever sign up to a cloud service in haste - that's where people get lazy and that's what the thieves are counting on.

As to this being a blackeye for Adobe, it could be anybody - you think Amazon or Apple are any more secure? I'm more confused why they wanted the raw code for Acrobat :-)

Re the cloud - scream all you want, its where this business is going.

October 4, 2013 at 2:48AM, Edited September 4, 11:21AM

1
Reply
marklondon

I honestly do believe Amazon and Apple are more secure

October 4, 2013 at 3:30AM, Edited September 4, 11:21AM

0
Reply
ABC123

My iTunes account got hacked. The thieves bought some videos. Apple could tell it wasn't me and deleted the charges.

October 4, 2013 at 9:59AM, Edited September 4, 11:21AM

1
Reply
Tom

I believe that's called 'faith'. And its sadly misplaced.

October 4, 2013 at 11:15AM, Edited September 4, 11:21AM

0
Reply
marklondon

Business bank accounts are not refundable, as far as I know, when usurped.

October 11, 2013 at 3:03AM, Edited September 4, 11:21AM

5
Reply
Rob Manning

Got the email - sucks.

Time to change all my passwords.

October 4, 2013 at 3:17AM, Edited September 4, 11:21AM

0
Reply
Andy

I find this hilarious as it's not the first time. I'm pretty sure sooner or later adobe will have to start offering the "regular" version again, or loose a considerable customer base. If you look at how more and more people just buy older versions of their software and get off of CC it makes sense.

October 4, 2013 at 3:39AM, Edited September 4, 11:21AM

0
Reply
zeke

I would not wait for a letter from Adobe, contact your bank now!!

They can hack Adobe so breaking the encryption on the credit card info - will be child's play.

October 4, 2013 at 8:15AM, Edited September 4, 11:21AM

0
Reply
David

Wait - what?

October 4, 2013 at 1:58PM, Edited September 4, 11:21AM

0
Reply
Kraig

So how is this CC's problem? Regular customers would've been affected the same way, all the credit card info is still stored on their servers encrypted.

And wow, some posters seem like 14 years olds here.

October 4, 2013 at 8:24AM, Edited September 4, 11:21AM

0
Reply
mikko löppönen

You're right, I think it affects all customers. Anyone with an account I assume.

October 4, 2013 at 8:26AM, Edited September 4, 11:21AM

0
Reply
Jason

oh yeah!!! we are all rational adults in the internet...

October 4, 2013 at 9:32AM, Edited September 4, 11:21AM

0
Reply
jesuan

...except one, hey Jesuan?

October 4, 2013 at 11:19AM, Edited September 4, 11:21AM

2
Reply
Joan

yeaaah!!! Except me!!! And I'm proud of it!!!!

October 4, 2013 at 12:41PM, Edited September 4, 11:21AM

0
Reply
jesuan

"Adobe to announce release of CS6.5 on Monday"

October 4, 2013 at 8:26AM, Edited September 4, 11:21AM

0
Reply
Pat

I got an email this morning. It looked legit but it was from an email address that was just enough off to be suspicious. So went straight to adobe.com rather than clicking through anything on the email. And the emails Adobe sent me to reset my password that I initiated from their site came from a very different email portal. So be ware. I might be overreacting. It might have been a legit email to begin with, but these are sophisticated thieves, they are not "Nigerian Princes". So be careful with your information.

October 4, 2013 at 9:39AM, Edited September 4, 11:21AM

0
Reply

I just don't see what any of this has to do with the Creative Cloud service, as a model—my Adobe account settings and payment information didn't change when I moved from a boxed version to the subscription. People who are bitter about Creative Cloud are just looking for an excuse to poke fun at it again.

I do agree, though—Adobe better beef up security if they plan to store payment info.

October 4, 2013 at 10:36AM, Edited September 4, 11:21AM

0
Reply

The whole reason for all the hacking lately is CC.

October 4, 2013 at 12:50PM, Edited September 4, 11:21AM

3
Reply
zeke

i just dont like this whole idea cc c'mon Adobe just lets keep it the manual ways

October 4, 2013 at 11:27AM, Edited September 4, 11:21AM

0
Reply
WILL

I was one of the lucky ones that got an email about this around 2am this morning. I'm hoping that changing my password will be good enough, and that my banking information hasn't been compromised.

Ironically, I had just had a conversation with somebody last night about how happy I am with the Creative Cloud and how Adobe has done a great job with keeping things affordable while still rolling out new features. Fuck me, right? Haha.

October 4, 2013 at 12:01PM, Edited September 4, 11:21AM

0
Reply

This is because they started fucking creative claud... Who will like recurring billing???? I hate it....

October 4, 2013 at 12:10PM, Edited September 4, 11:21AM

1
Reply
Sergey

Adobe should give everyone that was effected a free month for October or November or evan better both. I don't think it would be fair if some people find out that their identity was stolen and they now have to go through the hassle of fixing that problem on top of having to pay Adobe CC for the month. I didn't sign up to be hacked, there customer service team better be ready. Or else they are going to have many upset customers. If they didn't switch over to just the CC and we still had our box sets none of this would of happened. I would of had my box set with my serials put away nice and safe.

October 4, 2013 at 2:04PM, Edited September 4, 11:21AM

4
Reply
bert

I got the official e-mail, links point back to Adobe. This is unfortunate for them. Oh well--I'm glad I moved over to a password managing service earlier this year. Now I don't have to worry about changing 30 other weak passwords at the same time...just the Adobe account.

October 4, 2013 at 2:56PM, Edited September 4, 11:21AM

3
Reply

What Adobe should do is let people who want to quit their service and were auto-renewed into an annual membership cancel their membership without having to pay an additional 6 months due to the contract. CC has not worked for me once yet, and I don't feel like trouble shooting all their software when I have other software that can handle what I need.

October 4, 2013 at 5:00PM, Edited September 4, 11:21AM

0
Reply
Chase

Ah crap. I am worried. Do you think they will use my credit card?

October 5, 2013 at 1:21AM, Edited September 4, 11:21AM

2
Reply
Greg egan

So...question. Could anyone possibly post the text in the actual Adobe email? I got an email sent to my spam folder and I deleted it before I realized what I was doing, but I don't know if that was a phishing email or the real thing. 'Twould be greatly appreciated, thanks!

October 5, 2013 at 4:23AM, Edited September 4, 11:21AM

0
Reply
Pete

You don't need the email. If you go to adobes site and try to sign in, that'll promote and email with a link to reset your password. The email will be instantaneous.

October 5, 2013 at 12:07PM, Edited September 4, 11:21AM

1
Reply
Jason Dunphy

I wonder who Adobe is renting their security software from?

October 10, 2013 at 5:39PM, Edited September 4, 11:21AM

0
Reply
Phil Ramuno

They should just plain forget cloud computing. The most dreadful idea ever. If nobody signed up then the business would fail and they would have no choice but to return to hard copies. The only thing I keep on the net is a website. Everything else stays local - where I can see it and no one else has access to it.

October 11, 2013 at 12:59AM, Edited September 4, 11:21AM

3
Reply

Offtopic: Are you based in Mombasa?

October 11, 2013 at 1:36AM, Edited September 4, 11:21AM

0
Reply

nice and well done.
useful info.

November 1, 2013 at 11:32AM, Edited September 4, 11:21AM

0
Reply

Thanks for sharing your thoughts. I truly appreciate your efforts and
I am waiting for your next write ups thanks once again.

December 29, 2013 at 11:21PM, Edited September 4, 11:45AM

0
Reply

This is a real pain - it's more that my details are now available for all to see and try my details on other sites.

You can also try out this site: www.wasmypasswordhacked.info - it lets you search on username or email for known security breaches.

January 13, 2014 at 10:31AM, Edited September 4, 11:45AM

1
Reply