×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Hacked: Almost 3 Million Accounts Compromised

samzenpus posted about 7 months ago | from the breaking-in dept.

Security 256

sl4shd0rk writes "Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

256 comments

First post! (-1, Offtopic)

pingbak (33924) | about 7 months ago | (#45030671)

For once!

Re:First post! (0)

Anonymous Coward | about 7 months ago | (#45030727)

First to get hacked!

(runs off to AC-land)

Re:First post! (5, Funny)

K. S. Kyosuke (729550) | about 7 months ago | (#45031013)

Your post looks photoshopped. Yep, definitely. The reflections are all wrong.

Re:First post! (2, Funny)

Anonymous Coward | about 7 months ago | (#45031235)

photoshopped reflections expert here, can confirm

Re:First post! (0)

Anonymous Coward | about 7 months ago | (#45031509)

Seconded.

Source: I've seen quite a few shops in my time. And the pixels.

Re:First post! (-1)

oztiks (921504) | about 7 months ago | (#45031479)

Adobe Hacked: Almost 3 Million Accounts Compromised

Were 3 millions accounts were "almost" compromised or does the poster mean "close to" 3 million accounts compromised.

See... this is why I torrent cracked versions. (5, Funny)

hawks5999 (588198) | about 7 months ago | (#45030681)

It's too risky to give your credit card number to a company like Adobe.

Re:See... this is why I torrent cracked versions. (1, Informative)

Ksevio (865461) | about 7 months ago | (#45030717)

In related news, it turns out Adobe will give you some sort of software if you give them a credit card number. What a crazy business model!

Re:See... this is why I torrent cracked versions. (5, Informative)

Em Adespoton (792954) | about 7 months ago | (#45031225)

In related news, it turns out Adobe will give you some sort of software if you give them a credit card number. What a crazy business model!

Not for long... their new business model is that they will let you have access to their cloud if you give them a credit card number, and keep paying them regularly.

Seconded (2, Funny)

themushroom (197365) | about 7 months ago | (#45030903)

This makes me happy to have p1r4t3d versions of CS5 and CS6.
Adobe doesn't know my details and neither do the hackers, easy peasie lemon squeezie.

Re: Seconded (4, Funny)

snowblind (175857) | about 7 months ago | (#45031377)

Yes we do Dave Watson 123 Anywhere Ln. Sunnyvale, CA 95014
Ph# 408.123.4567
Spouse: Miss Michigan
Kids: Dave Jr and Susie

Re:See... this is why I torrent cracked versions. (4, Insightful)

amicusNYCL (1538833) | about 7 months ago | (#45030905)

You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?

seeing the future verses the writing on the wall (4, Insightful)

themushroom (197365) | about 7 months ago | (#45031063)

Buying a piece of software from a vendor: Adobe doesn't have your details.
Paying on a monthly basis to a software company: Adobe has your details.

Your point about the inability to see the future is intact. However, it doesn't discount being able to predict the potential future based on math and science.

Re:See... this is why I torrent cracked versions. (-1)

Anonymous Coward | about 7 months ago | (#45031065)

You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?

You sure you can't read a tongue-in-cheek comment without taking it far too seriously and climbing up on some moral high horse of yours?

Re:See... this is why I torrent cracked versions. (2, Funny)

amicusNYCL (1538833) | about 7 months ago | (#45031205)

I'm a programmer, not a cunning linguist. Taking things at face value is my specialty.

And I don't have to "climb up" on some high horse, you clod, I'm here all the time.

Re:See... this is why I torrent cracked versions. (1)

rk (6314) | about 7 months ago | (#45031257)

That's insensitive clod to you, mister!

Re:See... this is why I torrent cracked versions. (-1)

Anonymous Coward | about 7 months ago | (#45031351)

No you're a socially retarded person. Many programmers understand both sarcasm and jokes. Not all of us have no sense of humor like yourself.

Re:See... this is why I torrent cracked versions. (3, Funny)

amicusNYCL (1538833) | about 7 months ago | (#45031441)

I have a fantastic sense of humor. Which is not mutually-exclusive with being socially retarded.

Re:See... this is why I torrent cracked versions. (-1)

Anonymous Coward | about 7 months ago | (#45031507)

I have a fantastic sense of humor.

Is that what mommy tells you?

Re:See... this is why I torrent cracked versions. (1)

CCarrot (1562079) | about 7 months ago | (#45031073)

You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?

Shhh! I can't hear anything for all the whooshing around here!

Re:See... this is why I torrent cracked versions. (0)

Anonymous Coward | about 7 months ago | (#45031077)

You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?

He's sure. It's called a joke.

Re:See... this is why I torrent cracked versions. (1)

Anonymous Coward | about 7 months ago | (#45031083)

Good point; up until now, Adobe's security track record has been pretty superb... I mean, look how frequently they churn out security patches. From this you can tell that Adobe takes security very seriously, and that they really do care about their customers' well-being. If only human persons like hawk5999 were as honest and altruistic as corporate persons, we'd have a much better world for our betters to live in.

Metachoice (2)

SuperKendall (25149) | about 7 months ago | (#45031551)

After which episode that Adobe had credit card records stolen from it did you make that decision?

Adobe may or may have had one before.

But there are enough other companies that have, that it's easy to make a rational choice based on the probability that it will happen to a company like Adobe, based on what has happened to companies at large that attract large bases of credit card numbers - especially as Adobe has recently moving to a subscription based service where they have presumably got a lot more credit card numbers stored than they used to before.

That was a factor in why I decided that I would not subscribe to the Photoshop subscription, even though the more recent photographically oriented pricing for just a few products was more appealing.

I'm all for paying for products myself, I do so whenever possible. But what I am not for is needless exposure of my financial data just because a company would prefer recurring revenue.

Couldn't have happened... (4, Insightful)

James Sarvey (3348883) | about 7 months ago | (#45030687)

...to a nicer company. I feel bad for their customers, but I'm hoping this kind of breach pushes people to insist that their sensitive data isn't stored when it isn't absolutely necessary.

Re:Couldn't have happened... (3, Interesting)

Ralph Ostrander (2846785) | about 7 months ago | (#45030763)

Why do they need to store it use it lose it credit card companies need to insist as it is them who foot the bill when it is used. I will not lose the number it is on my card you have no need to store it. Storing it should be conspiracy to steal it and use it.

Re:Couldn't have happened... (4, Informative)

Anonymous Coward | about 7 months ago | (#45030859)

Adobe have been pushing software rental for the last couple of years. This involves recurrent payments. Recurrent payments require the vendor to store credit card details, or outsource the payment processing to a third party who stores the details.

Either way, if you're renting software your credit card details are being stored.

Re:Couldn't have happened... (0)

Anonymous Coward | about 7 months ago | (#45030973)

Usually the way this works with a company that spends the time to do it right is that the Payment Gateway/Processor will store the card in perpetuity and give you a token you can reauth against. Since the token itself is useless and can be revoked, it's vastly safer, barring any issues with the Gateway/Processor/Token (Heartland....)

Re:Couldn't have happened... (0)

Anonymous Coward | about 7 months ago | (#45031515)

Unfortunately Abobe have moved to a monthly subscription model for products like Acrobat. So storing this information is 'necessary'.

Of course it should never have been stored in such a way that it was ever readable remotely.

3 million? (-1)

Anonymous Coward | about 7 months ago | (#45030693)

you suck at the internet.

Re:3 million? (2)

wiredlogic (135348) | about 7 months ago | (#45030855)

Doesn't say much for the security of ColdFusion. Maybe it's time for Adobe to stop eating their own dogfood.

Re:3 million? (5, Interesting)

the eric conspiracy (20178) | about 7 months ago | (#45031095)

ColdFusion is built on JRun which is the most miserable POS Java servlet container conceived by the mind of man.

Since the source code is out maybe it will get some bug fixes.

Re:3 million? (1)

John3 (85454) | about 7 months ago | (#45031469)

Not yet clear what system was breached and what platform it was running. Do you have a link to details of the attack vector? I haven't run Cold Fusion in years, once Adobe purchased it and moved it to JRun I migrated my code off Cold Fusion.

good thing (4, Insightful)

Anonymous Coward | about 7 months ago | (#45030707)

you can still buy offline standalone applications from adobe.... oh, wait.

Interesting Quote (4, Insightful)

BenSchuarmer (922752) | about 7 months ago | (#45030713)

However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."

In other words, the risk is as bad as ever.

Re:Interesting Quote (1)

gmuslera (3436) | about 7 months ago | (#45030999)

Worse. The source code included the required NSA backdoor. Now requiring to insert backdoors to manufacturers will lead to the logical consequence

Re:Interesting Quote (4, Funny)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#45031007)

However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."

In other words, the risk is as bad as ever.

I'm not sure why Adobe is being so pessimistic. This might be the first time in years that anybody who could find their own ass with both hands and a map, much less do code security, has examined the source code involved...

Creative Cloud (0)

Anonymous Coward | about 7 months ago | (#45030743)

I hope this destroys their "Creative Cloud" or rather their extortion scheme for locking up your files if you ever stop paying them.

Re:Creative Cloud (0)

Anonymous Coward | about 7 months ago | (#45030959)

Yea, right along with Micro$oft's Office 365 thing... Man that's a ripoff!

PDF Exploit? (5, Funny)

Statecraftsman (718862) | about 7 months ago | (#45030753)

What are the odds this attack didn't involve a pdf exploit?

Re:PDF Exploit? (1)

Anonymous Coward | about 7 months ago | (#45030791)

You never know it could have been a flash exploit...

Re:PDF Exploit? (5, Funny)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#45031021)

If you upgrade to a suitably new version of Acrobat, you can put your flash exploits inside your exploit PDF. Totally worth the license fee.

adobe is such bullshit (0)

Anonymous Coward | about 7 months ago | (#45030767)

jesus christ, will someone make a fucking photoshop alternative already (don't say gimp that shit blows dongs)

Re:adobe is such bullshit (2, Insightful)

Anonymous Coward | about 7 months ago | (#45030893)

Ok, I won't say gimp. How about Corel Draw?

Re:adobe is such bullshit (0)

Anonymous Coward | about 7 months ago | (#45030909)

What's stopping you?

Re:adobe is such bullshit (0)

Anonymous Coward | about 7 months ago | (#45031023)

I don't have the capital to start a large business with the dozens of computer science phds it will take to catch up to adobe's product. if you think one dude coding in his garage is going to catch up to adobe...get a clue, to put it mildly.

Re:adobe is such bullshit (1)

Darth Twon (2832799) | about 7 months ago | (#45031109)

Where did companies like Apple and Microsoft come from then?

Re:adobe is such bullshit (1)

0123456 (636235) | about 7 months ago | (#45031259)

Where did companies like Apple and Microsoft come from then?

Microsoft began with MS Basic, which, if I remember correctly, was about 8k of assembler.

Even 'Hello World' compiles to more than 8k on most modern operating systems.

Re:adobe is such bullshit (1)

bmo (77928) | about 7 months ago | (#45031559)

The first two versions they made were named after the size of the code.

4k and 8k BASIC. As a kid in the early 80s, I used a lot of 4k and 8k BASIC listings and "ported" programs over to Apple, TRS-80, and TI BASIC.

Because everybody had different syntax for BASIC.

And they were named Micro-Soft at the time.

/old

//slashies on slashdot? [palin] you betcha [/palin]

///and peek and poke were the gateway drug to assembler.

--
BMO

WHY are Adobe storing credit card numbers? (0)

Anonymous Coward | about 7 months ago | (#45030773)

Anybody?

Re:WHY are Adobe storing credit card numbers? (1)

Anonymous Coward | about 7 months ago | (#45030793)

Because they are the number one software subscription company in the world?

Couldn't have happened to a nicer bunch of folks. (0)

Anonymous Coward | about 7 months ago | (#45030781)

What's that? You can't manage to release plugins without 50 remotely exploitable holes every month? Not surprised to hear that your network was hacked.

Anyone Surprised? (1)

ScottCooperDotNet (929575) | about 7 months ago | (#45030795)

Is anyone surprised that a company that is already battered by a poor security reputation would be compromised in this way?

That they are doing their own billing isn't surprising considering their size, but not a place I'd put a personal card number.

Re:Anyone Surprised? (0)

Anonymous Coward | about 7 months ago | (#45030853)

That's nothing - I just downloaded the ENTIRE source code for the Linux kernel!

Be afraid!

Re:Anyone Surprised? (1)

aNonnyMouseCowered (2693969) | about 7 months ago | (#45031105)

Sorry for those whose accounts were compromised. But speaking as a FOSS user, I see this as karma for all those times that Adobe made Linux look bad because Adobe Crash (aka Flash) ran worse under that OS than under MS Windows. Which isn't to say that it actually ran well under Windows, just that it ran worse under Linux and had 2x the system requirements. I even remember some Adobe engineer blaming the poor support for Linux on its fucktitude of audio (Alsa, OSS, Pulse, etc) and video system software when they could have coded to the lowest common denominator or at least the most widely deployed solutions (Alsa for audio or Open GL or maybe XVideo for accelerated video).

Also, aside from the shortage of A-list gaming titles, among the most common complaints you'd hear from users who have tried but don't want to shift to Linux is the absence of Adobe graphics products, products that ran reasonably well under Wine, but which Adobe has persistently refused to release for Linux even during the time in the late 90s when desktop Linux penetration approached that of Apple.

Adobe just shifted to a subscription-only model (0)

Anonymous Coward | about 7 months ago | (#45030805)

They apparently don't sell permanent licenses anymore, you have to pay by the month.

There are pluses and minuses to each approach, but this type of thing would definitely be a minus, since customers used to buy their shrink wrap boxes from a third party retailer.

My conversation with a colleague (0)

Anonymous Coward | about 7 months ago | (#45030811)

ME: Did you hack adobe again?
HIM: gross no
HIM: i don't want to get that stuff on me
ME: good point.

Flash (0)

Anonymous Coward | about 7 months ago | (#45030817)

Flash player sources ?

Yeah. Nothing to worry about...

This is just adobe's way of saying... (0)

Anonymous Coward | about 7 months ago | (#45030825)

... the NSA just visited the data center.

I, for one... (4, Interesting)

msauve (701917) | about 7 months ago | (#45030833)

...can't wait until the hackers fork their code, and create something stable and less buggy from it. It will obviously take lots of work, but if they have the skills to hack in, they're up to the challenge.

Re:I, for one... (1)

bmo (77928) | about 7 months ago | (#45031397)

and create something stable and less buggy from it

Wishful thinking requiring LSD and shrooms at the same time.

Their code base for Photoshop, for example, goes back to the mid-80s. The amount of crunchy crusty cruft probably makes "cleaning it up and making it less buggy" impossible.

And if the rant from the guy who maintained the Linux fork of Flash Player, a few years ago, is any indication, anything related to Flash is spaghetti-coded.

So I'm not gonna hold my breath.

--
BMO

Open Source the code. (0)

Anonymous Coward | about 7 months ago | (#45030835)

Good. I hope the hackers open source the code.

Re:Open Source the code. (1)

tech.kyle (2800087) | about 7 months ago | (#45030953)

The code could easily be identified and the source taken down. It might make its rounds on file sharing sites, but all it'll likely be good for is compiling yourself with little to no modifications to the code or for learning from (which would be its most valuable use).

Re:Open Source the code. (1)

Em Adespoton (792954) | about 7 months ago | (#45031319)

The code could easily be identified and the source taken down. It might make its rounds on file sharing sites, but all it'll likely be good for is compiling yourself with little to no modifications to the code or for learning from (which would be its most valuable use).

No, I think we'll find its most valuable use will be in finding exploits and selling them on the black market. Not valuable to most people, but definitely to those who stole the data.

A likely attack vector (2)

TheloniousToady (3343045) | about 7 months ago | (#45030845)

I bet they used Flash to get in: since Adobe seems to be pushing Flash updates about every 10 minutes lately, it's evidently got some major security problems.

Adobe has three million customers? (0)

Anonymous Coward | about 7 months ago | (#45030865)

Not that anybody assumed that Adobe would be any more immune to these type of attacks than any other company, but maybe they should take a look at how effective their web programming suites are?

Source code (2)

Dunbal (464142) | about 7 months ago | (#45030889)

According to TFA :"no "increased risk to customers as a result of this incident."

Considering that Adobe products are an endless stream of security vulnerabilities and zero days, I would say this is a fair statement. You have the same risk as you had before, when you allow their products onto your machines. As for the credit card data - shame on them. Why was that even on the same network?

No cloud for you! (4, Insightful)

onyxruby (118189) | about 7 months ago | (#45030895)

Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla. They have ignored industry best practices and been a thorn in the side of the rest of the industry for years while being oblivious to the damage their customers have suffered from their shoddy practices.

This is the same company that wants you to rely on their security as the only way to their products now that they only rent a cloud based versions of Acrobat Suite. Incidents like this are inevitable and people need to learn that their is nothing magical about the 'cloud'. Companies that have cloud dependencies for the use of their products necessarily expose all of their customers when they get cracked.

Do you trust Adobe with your security? Do you really think a company with their track record is going to get their act together?

Re:No cloud for you! (3, Insightful)

Voyager529 (1363959) | about 7 months ago | (#45031111)

Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla.

...Sony?

Re:No cloud for you! (4, Interesting)

Tom (822) | about 7 months ago | (#45031133)

This is the same company that wants you to rely on their security as the only way to their products now that they only rent a cloud based versions of Acrobat Suite.

This.

I was actually on the verge of buying some of their stuff just a week ago. Decided against it when I found out they don't sell standalone versions anymore.

Re:No cloud for you! (0)

Anonymous Coward | about 7 months ago | (#45031317)

I hate their cloud thing as much as the next guy but these are the same programs, just they phone home similar to FlexLM for licensing.

Somebody got creative... (0)

Anonymous Coward | about 7 months ago | (#45030921)

Sounds like somebody got creative with the Cloud.

Who Got Fired for This? (1)

BoRegardless (721219) | about 7 months ago | (#45030929)

It is not like this hasn't been reported at least weekly for years for various companies.

What the hell are major companies thinking?

Nothing to worry about (0)

Anonymous Coward | about 7 months ago | (#45030931)

As an Adobe customer, I'm happy they only got their hands on 3 million plaintext credit card numbers and not 4 million. That would've been a catastrophe. I'm sure Adobe will solve this problem in a flash.

Re:Nothing to worry about (2, Insightful)

fuzzyfuzzyfungus (1223518) | about 7 months ago | (#45031053)

3 million plaintext numbers means that Adobe's PCI team rides the short PCI bus to work...

Re:Nothing to worry about (1)

Em Adespoton (792954) | about 7 months ago | (#45031353)

3 million plaintext numbers means that Adobe's PCI team rides the short PCI bus to work...

...or it means that the attackers did a memory dump, and that many numbers were in memory at that time. Unlikely, but possible. More likely that Adobe gets their PCI status revoked. Except that in this case, the data was encrypted. The attackers just hit a lot of systems and grabbed a lot of data. Sorting it out to make anything useful out of some of the DBs may be quite a bit of work.

However, they've got email addresses and source code. So they can forge emails from Adobe to their customers with links to trojanized "updates" without much difficulty.

Re:Nothing to worry about (4, Informative)

John3 (85454) | about 7 months ago | (#45031485)

The articles so far seem to indicate the card numbers were encrypted.

Dayamn! Thjs is big! (5, Insightful)

PerlPunk (548551) | about 7 months ago | (#45030933)

This is big news. Expect untold exploits for the Adobe technology stack to emerge out of this. If someone or some group is determined to run Adobe into the ground, they are off to a good start.

Re:Dayamn! Thjs is big! (5, Insightful)

tech.kyle (2800087) | about 7 months ago | (#45031071)

Expect untold exploits for the Adobe technology stack to emerge out of this.

This. This is why people should be concerned. Open source programs have their code exposed to everyone, including those with malicious intent, and are therefor "battle hardened" for security. Closed source programs live a sheltered life and having that source suddenly available means those with malicious intent can use Adobe's relatively weak source code to develop new exploits for clients. Lots of them.

Adobe is a household name that users couldn't get rid of if they wanted to. Flash, for example, is on nearly every internet-connected PC. This is a problem for everyone.

Re:Dayamn! Thjs is big! (0)

Anonymous Coward | about 7 months ago | (#45031409)

Open source programs have their code exposed to everyone, including those with malicious intent, and are therefor "battle hardened" for security.

+5 funny. Sorta like how Debian's maintained version of OpenSSL that generated weak keys was "battle hardened for security" because the source was exposed?

Re:Dayamn! Thjs is big! (0)

Anonymous Coward | about 7 months ago | (#45031457)

Fag. Fag is what people that use "this" as a single word sentence are.

I'm ready to renew my subscription (0)

Anonymous Coward | about 7 months ago | (#45030995)

For Photoshop!

3 million is 3 million paid, right? (0)

Anonymous Coward | about 7 months ago | (#45031039)

Not just trial accounts with cracked editions but legitimately paid accounts? I had heard of it, just never seen it with my own eyes.

NSA (1)

Smiddi (1241326) | about 7 months ago | (#45031107)

Adobe appear to be so focused on pushing their "money making" business model (the no-one wants) they forget to secure their backend systems. I wonder what incentives the NSA give them to pipe the users details into PRISM?

They stole the source code? (0)

Anonymous Coward | about 7 months ago | (#45031285)

That's fucking epic. How will Adobe continue to develop any of those applications without it?

Re:They stole the source code? (1)

Psychotria (953670) | about 7 months ago | (#45031399)

That's fucking epic. How will Adobe continue to develop any of those applications without it?

They'll just have to start again. There will be a lot of Adobe developers putting in a lot of time to rewrite all that code.

Code analysis (5, Funny)

kav2k (1545689) | about 7 months ago | (#45031367)

So, let me recap.
Adobe just lost the source code to one of the most exposed attack surfaces known for vulnerabilities?
That'll be one hell of a peer review.

The sad truth is... (1)

Anonymous Coward | about 7 months ago | (#45031461)

The containment and clean up of this will cost Adobe a lot of money sure but, people are going to continue to use their software and Adobe will continue to operate as normal. The regular every day user won't care and the company will continue to make awesome profits.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...