Jump to content

Attention all Adobe users!


AwfulArchdemon

Recommended Posts

You may receive a letter in the mail stating that a third party has illegally obtained personal information from it's customers. The statement will say the following:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Dear [Nexus member]:
On behalf of Adobe Systems, I am writing to inform you about an incident that involved information about you. We recently discovered that, between September 11 and September 17, an unauthorized third party illegally accessed certain customer order information. We take the security of personal information very seriously and deeply regret that this incident occurred.
We began investigating the incident as soon as we learned of it. Although our investigation is ongoing, we believe that the third party likely removed from our systems certain customer names, payment card expiration dates, encrypted payment card numbers, and other information relating to customer orders. In addition, the third party used our systems to decrypt some card numbers. We have not been able to confirm that any decrypted card numbers were removed as a result of this access to our systems. We have contacted federal law enforcement and the banks processing payments for Adobe, and are assisting in their investigation of this incident.
We recommend that you closely review the information provided in this letter for some steps you can take to help protect yourself against the potential misuse of of your personal information. As a precaution, we have arranged for you (at your option) to enroll in a complimentary one-year credit monitoring membership. We have engaged Experian to provide you with it's ProtectMyID Alert membership, which provides daily credit monitoring of the Experian credit Bureau, fraud resolution assistance, and identity theft insurance. You have until February 28, 2014 to activate this complimentary credit monitoring membership by using the following activation code: ADB******. This code is unique for your use and may not be shared. To enroll, please visit http://www.protectmyid.com/adobe or call (866) 578 5413.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Adobe's Chief Security Officer, Brad Arkin, signs the back of the letter.
Adobe
PO Box 483
Chanhassen, MN 55317
Be careful. Adobe has apparently been stolen from. Your personal information may or may not have been stolen. I am investigating this further, and will divulge more information as it becomes available to me.
----------------------------------------------------------------------------------------------------------------------------------------------------
Adobe
Customer security alert

What happened?

Adobe's security team recently discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident.

Read the FAQ

What do I need to do?
  • If your Adobe ID and password were involved: Adobe has already reset your password. You will receive an email notification from Adobe with information on how to change your password. We are only notifying customers whose user ID and password were involved, and that process is already underway.
  • Changing your password: If you have not yet received a notification but would like to change your password on any Adobe service, you may do so at any time. Change your Adobe ID password.
  • Passwords and IDs for specific Adobe services: Adobe ID is a separate system from the user ID and logins associated with EchoSign, Behance, TypeKit, Marketing Cloud, and Connect Pro. If you use the same password for your Adobe ID and any of these services, please change your passwords for these other services as well.
  • Other websites: As a precaution, we also strongly recommend that you change your password on any website where you may have used the same user ID and password as your Adobe ID and password.
  • Protect yourself against non-legitimate email “phishing” attempts: If you received an email requesting you to change your password, and you’re concerned whether it is legitimate, don't click any links in the email. Instead, type www.adobe.com/go/passwordreset into your browser to be sure. How to recognize phishing attempts.

 

U.S. and Canada

1-866-412-8699

View all phone numbers

Frequently Asked Questions
What information exactly did the attacker gain access to?

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.

We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.

How did Adobe discover this incident?

Adobe's security team discovered suspicious activity during regular security monitoring

How did this happen?

Our investigation is still ongoing. Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers.

What is Adobe doing in response?

As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. Customers whose user ID and password were involved will receive an email notification from Adobe with information on how to change their password. We also recommend that customers change their passwords on any website where they may have used the same user ID and password.

We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. Customers whose credit or debit card information was involved will receive a notification letter from us with additional information on steps they can take to help protect themselves against potential misuse of personal information about them. We have also notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers' accounts.

U.S. only: Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership.

We continue to work diligently internally, as well as with external partners, to address the incident. We have contacted federal law enforcement and are assisting in their investigation.

What is the geographic scope of the customer information involved in the incident?

Adobe customers worldwide provide us with account information, so we are taking the precaution of resetting relevant customer passwords and notifying any customers who have provided us with their credit or debit card information.

Is Adobe working with law enforcement on its investigation?

Yes.

How do customers know the information they share with Adobe is secure moving forward?

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. We are working diligently internally, as well as with external partners and law enforcement, to address the incident.

How will customers know if their information was accessed?

As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. Customers whose user ID and password were involved will receive an email notification from Adobe with information on how to change their password. We also recommend that customers change their passwords on any website where they may have used the same user ID and password.

We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. Customers whose credit or debit card information was involved will receive a notification letter from us with additional information on steps they can take to help protect themselves against potential misuse of personal information about them.

Is Adobe software itself vulnerable as a result of this incident?

We are not aware of any zero-day exploits targeting Adobe products. However, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in relevant security hardening guides. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.

Should customers cancel their credit cards?

Adobe has notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers' accounts.

We are also in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. Customers whose credit or debit card information was involved will receive a notification letter from us with additional information on steps they can take to help protect themselves against potential misuse of personal information about them.

U.S. only: Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership.

We also recommend that customers monitor their account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring free credit reports. If customers discover any suspicious or unusual activity on their account or suspect identity theft or fraud, they should report it immediately to their financial institution.

U.S. only: In addition, customers may contact the Federal Trade Commission (FTC) or law enforcement to report incidents of identity theft or to learn about steps they can take to protect themselves from identity theft. To learn more, customers can go to the FTC’s website, at www.consumer.gov/idtheft, call the FTC at (877) IDTHEFT (438-4338), or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Should customers change their passwords on all of their online accounts?

Adobe recommends that customers change their passwords on any website where they may have used the same user ID and password.

Should customers stop using Adobe products?

No. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. However, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in relevant security hardening guides. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.

We value the trust of our customers, and are working diligently internally, as well as with external partners and law enforcement, to address the incident.

What security advice can you provide to Adobe customers?

Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. However, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in relevant security hardening guides. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.

We value the trust of our customers, and are working diligently internally, as well as with external partners and law enforcement, to address the incident.

What security measures does Adobe have in place to protect its customer information?

Security and in particular the security of customer information are very important to us. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. We value the trust of our customers and will work aggressively to prevent these types of events from occurring in the future.

Adobe seems to have a lot of security issues. Why is that?

---------------------------------------------------------------------------------------------------------------------

Here's the link to the Adobe page I posted: http://helpx.adobe.c...l?promoid=KHQGF

Be careful all you Photoshop users. :ermm: I verified with Adobe staff that this is all true.
Thank you.
AwfulArchdemon
Link to comment
Share on other sites

According to the Adobe staff I spoke with, it's assumed that no personal information was gathered from their customers. 2.9 million of them, in fact. They say they're "pretty sure". So...we're "probably" safe.

 

I suppose I'm not mad at Adobe, but I'd love to know how the heck ADOBE could've been hacked! It would take quite a lot of hacking experience to get through the firewall of one of the web's largest and most powerful companies.

 

That said, this guy did not go through that much trouble NOT to gather and use all of the personal information he could get his hands on. I'm afraid Adobe may be trying to make me feel better by making it sound unlikely that this guy has our important information, but they'll have to do a better job than that! "Probably" and "maybe" are not words I want to hear when we're talking about credit card information. When you log onto Adobe.com, it will force you to change your password, for security reasons. That doesn't sound necessary if our info has not been stolen, so I'd prepare for the worst, if I were you. If you use the same password for anything else that you used for your Adobe account, I'd hurry up and change it.

 

I hope they catch the guy responsible for once. No one ever seems to get caught hacking or sending viruses these days, and that's quite a shame.

 

Once I've heard more news, I'll be sure to post it here.

 

Be safe.

AwfulArchdemon

Edited by AwfulArchdemon
Link to comment
Share on other sites

In events like this, and in good practice, it is recommended to change your password(s) to various sites at least once a month. Same goes with personal devices (computers, cell phones, etc) and home networks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...