Adobe Systems has suffered a massive data breach in which the personal details of 2.9 million users have been stolen, along with the source code for its Adobe Acrobat and ColdFusion programmes.
According to a blog post by Brad Arkin, Adobe's chief security officer, hackers were able to steal customers' names, encrypted credit and debit card numbers, their expiration dates, Adobe IDs and encrypted passwords.
Companies need to ensure they're protecting all of their assets.
Arkin said source code for "numerous Adobe products" was also removed from the firm's systems, but security researcher Brian Krebs specifically identified the company's ColdFusion web application platform and Acrobat family of products as being amongst those affected.
Krebs, who with fellow researcher Alex Holden, discovered the stolen source code used by cyber criminals believed to have attacked LexisNexis and Dun & Bradstreet earlier this year, further suggested users of Adobe's Creative Cloud and Revel cloud services were also disproportionately affected.
Peter Armstrong, director of cybersecurity at Thales UK, said the breach suggests companies like Adobe are either not taking cyber security seriously enough or do not know how to tackle it.
"Companies need to ensure they're protecting all of their assets, and that includes people, places and information. Security threats present themselves in a number of forms, and these increase by the day if not hour, minute or second," he said.
"Regulation in this case is a necessity to alter corporate behaviour. Once the full extent of the cyber threat is uncovered, greater collaboration on cyber issues should lead to an improvement in cyber awareness and cyber standards," Armstrong added.
Paul Ayers, VP EMEA at enterprise security firm Vormetric, added that - while it is good Adobe protects credit card information using encryption - he is concerned other personally identifiable information, such as addresses, owned software licenses and email addresses may be out in the open.
"This information could potentially be used for a very targeted spear phishing attack coming from Adobe', one that recommends a necessary software update is available to be downloaded with an email that seems very real because of all the accurate details it contains," Ayers said.
"From the reports out so far and the information available, you could draw the conclusion that Adobe used encryption to meet compliance requirements but not to protect what matters. Now, they have joined the ranks of Cisco and RSA which have lost valuable source code to a hacker.
"If Adobe had the appropriate security intelligence there was a much better chance that we would have never read these reports about their breach," he concluded.
IT Pro contacted Adobe for comment, but the company had not responded at the time of publication.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
