Adobe hacked

IronheartIronheart Posts: 3,017Moderator
edited October 2013 in Other Manufacturers
In case you've been living under a rock, Adobe announced that nearly 3 million customer accounts have been compromised, including cc numbers. They are recommending changing your passwords and credit cards, as well as offering a free year of credit monitoring.

Comments

  • jonnyapplejonnyapple Posts: 131Moderator
    My account was affected, which made me thankful I hadn't ever given them my credit card number.
    CC is welcome. DC is also welcome when I deserve it.
  • NSXTypeRNSXTypeR Posts: 2,286Member
    This is excellent news, maybe Adobe will reconsider their subscription plan, since they care so much for their customer's personal information!

    :)
    Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S
  • macsavageg4macsavageg4 Posts: 75Member
    And there is the rub with the monthly rent to use software model.
  • spraynprayspraynpray Posts: 6,545Moderator
    Thanks for the heads-up Ironheart, I've changed my details.
    Always learning.
  • PB_PMPB_PM Posts: 4,494Member
    This isn't the first time that this has happened to Adobe. Just another reason to avoid their cloud based services.
    If I take a good photo it's not my camera's fault.
  • You better avoid every cloud. Stay VFR (Visual Flight Rules, sorry could not resist).
    Those who say it can't be done, should not interrupt those doing it!
  • kenadamskenadams Posts: 222Member
    Anybody know who and what's been compromised? Only creativeCloud users or anyone who has done business over their webstores in the past?
  • PB_PMPB_PM Posts: 4,494Member
    Anyone who uses an Adobe signin.
    If I take a good photo it's not my camera's fault.
  • JK1231JK1231 Posts: 24Member
    The hack went public when security researchers found Adobe source code on a crimeware site. This link will tell you everything that is publicly know about the incident at present:

    https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

    BTW, the above source, although not Adobe, is from one of the leading industry researchers, and I can vouch for their integrity and reliability.

    JK
  • haroldpharoldp Posts: 984Member
    Their user passwords were taken, which tells me that a one way cipher which has been the 'prudent man' standard for at least the last 15 years was not being used, else they would not know the password. This is an issue for people who use the same password on multiple sites since most use an email address as a user id.

    Since I never had a reason to give them a credit card, this particular is not a worry for me.

    Even if ones site and firewall are breached, using asymmetric ciphers, user info should be stored encrypted and never be directly readable.

    Adobe clearly cannot be trusted to run a cloud business, the point is not that they were breached, but that commonly accepted protocols for managing data even in the event you are breached were not followed.

    They may be very good at imaging software but their data management is amateur hour.

    Regards ... H
    D810, D3x, 14-24/2.8, 50/1.4D, 24-70/2.8, 24-120/4 VR, 70-200/2.8 VR1, 80-400 G, 200-400/4 VR1, 400/2.8 ED VR G, 105/2 DC, 17-55/2.8.
    Nikon N90s, F100, F, lots of Leica M digital and film stuff.

  • AdeAde Posts: 1,071Member
    Their user passwords were taken, which tells me that a one way cipher which has been the 'prudent man' standard for at least the last 15 years was not being used, else they would not know the password.
    Actually according to Adobe, the affected user passwords and credit card data were indeed "encrypted", and therefore they are "not aware of any specific increased risk" to users. It seems they are resetting user passwords out of abundance of caution.

    We don't have any details on how exactly the passwords and credit card data were encrypted or hashed.
  • haroldpharoldp Posts: 984Member
    Actually according to Adobe, the affected user passwords and credit card data were indeed "encrypted", and therefore they are "not aware of any specific increased risk" to users. It seems they are resetting user passwords out of abundance of caution.

    We don't have any details on how exactly the passwords and credit card data were encrypted or hashed.

    I was informed by Adobe to change my password at any site where I used the same password as on Adobe.

    This hints strongly that they were held 'clear' someplace.

    I of course have no specific knowledge as to Adobe's internal processes, nor should I.

    Regards ... H
    D810, D3x, 14-24/2.8, 50/1.4D, 24-70/2.8, 24-120/4 VR, 70-200/2.8 VR1, 80-400 G, 200-400/4 VR1, 400/2.8 ED VR G, 105/2 DC, 17-55/2.8.
    Nikon N90s, F100, F, lots of Leica M digital and film stuff.

  • AdeAde Posts: 1,071Member
    Again, the stolen passwords (and credit card numbers) were encrypted, according to Adobe:

    "Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

    http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

    All else is speculation. Adobe could be wrong, the encryption scheme could be weak, etc., etc., but at this moment the only factual data point we have is Adobe's statement that the stolen passwords were encrypted.
  • IronheartIronheart Posts: 3,017Moderator
    Once you have the encrypted password, a dictionary attack would take very little time to "crack" the passwords for people that use dictionary words, names, or variations of these. Even complex passwords of short length (8 characters or less) can be cracked in a matter of hours. This is the reason Adobe is recommending a change.
Sign In or Register to comment.