Adobe source code breach; it’s bad, real bad
The theft of source code for Adobe Acrobat, Cold Fusion and other products poses a wide-spread threat given the installed base of these products, particularly the Acrobat reader, security specialists said. Adobe disclosed the issue in a blog post on Thursday.
In the post, Adobe Chief Security Officer Brad Arkin wrote:
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.”
Not good at all. This may be the biggest compromise of a software vendor’s security since the RSA Security stolen token meltdown two years ago. While that was extremely embarrassing because RSA is explicitly in the software security business and big customers were dinged in the process, Adobe’s products are more widely used by more sorts of customers. Acrobat and Flash are nearly ubiquitous.