Adobe’s Brad Arkin, security director, explained that not only were accounts stolen and compromised, the hackers were also trying to gain access to all of Adobe’s products illegally. These products include Photoshop, Acrobat Pro, and Elements.
However, Adobe is claiming that there is no increased risk to customers as a result of hacking attempts on the programs, and no zero-day attacks have been detected.
Sensitive information was stolen from 2.9 million users, said Arkin. He believes that encrypted debit and credit card numbers and expiration dates were taken as well as names, addresses, phone numbers and any information that had been shared with Adobe for the purpose of purchasing monthly plans for programs such as Photoshop. On the other hand, investigators believe that decrypted debit and credit card numbers are safe, though the research has not been completed yet. In addition, the investigators found that hashed passwords and usernames were also stolen, in addition to the credit card information.
Due to federal involvement, Adobe stressed that some actions will need to be taken now by most customers. Not only is Adobe resetting all passwords, the company is sending out emails to all accounts that had any sort of data stolen. Adobe is also footing the bill for a one-year complimentary credit monitoring program for anyone who wishes to partake. In some cases, they are offering a few months of free services as well.
Adobe isn’t the first company that’s suffered from major attacks this year. Wells Fargo, LinkedIn, and Yahoo are just a few of the companies that have seen similar hacking attempts, and while all these companies responded quickly to the threats, all have had data of some sort stolen from their protected systems. While hackers are getting stronger, security systems for protecting data are struggling to keep up. In addition, some hacking groups are now selling “boxed” bugs, which anyone can buy and run to make a quick dime off of someone who isn’t using strong enough virus protection on their computer.
Make sure you are running up-to-date virus definitions on each and every computer you are responsible for, in addition to giving out private information – even when you think it’s safe – to as few companies as possible.