Adobe has announced that, including user names, encrypted passwords, and encrypted payment information. Adobe has sent email notifications to affected customers, alerting them to reset their Adobe ID passwords, along with an offer of one free year of credit monitoring for customers whose credit or debit card information was accessed.
In addition to customer information, the attackers also stole source code for a number of Adobe’s products. Security expert Brian Krebs on a rogue server a week before Adobe’s announcement. Adobe believes the intrusion occurred in mid-August 2013, due to outdated installs of ColdFusion on some of its networks.
This breach shines an unflattering light on Adobe’s plans to make most of its software available only by subscription (see “,” 8 May 2013), and feeds critics of the company’s Creative Cloud service (see “ ,” 17 May 2013).
While Adobe sees cloud-based subscriptions as a more reliable source of revenue, the company’s increased emphasis on online accounts also made Adobe even more attractive to cyber criminals. Now Adobe has the unenviable task of further hardening online systems, winning back customer trust, and averting new security vulnerabilities that could be opened by the source code leak.
As for what you, the user, can do in this particular situation, there isn’t much other than changing your Adobe ID password. More generally, the single best thing you can do to protect yourself is to limit the potential damage by using a different secure password for every online service, as recommended in Joe Kissell’s best-selling “Take Control of 1Password.” Password managers like 1Password are essential for this task (see “ ,” 3 October 2013), and fortunately, Joe has a book for that as well, the just-released “