[LINK] Adobe

[stephen at melbpc.org.au]

Adobe Blog 

Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM
http://blogs.adobe.com/conversations/2013/10/important-customer-security-
announcement.html


Cyber attacks are one of the unfortunate realities of doing business today. 

Given the profile and widespread use of many of our products, Adobe has 
attracted increasing attention from cyber attackers. Very recently, Adobe’s 
security team discovered sophisticated attacks on our network, involving 
the illegal access of customer information as well as source code for 
numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe 
customer IDs and encrypted passwords on our systems. 

We also believe the attackers removed from our systems certain information 
relating to 2.9 million Adobe customers, including customer names, 
encrypted credit or debit card numbers, expiration dates, and other 
information relating to customer orders. 

At this time, we do not believe the attackers removed decrypted credit or 
debit card numbers from our systems. 

We deeply regret that this incident occurred. We’re working diligently 
internally, as well as with external partners and law enforcement, to 
address the incident. 

We’re taking the following steps:

* As a precaution, we are resetting relevant customer passwords to help 
prevent unauthorized access to Adobe ID accounts. If your user ID and 
password were involved, you will receive an email notification from us with 
information on how to change your password. We also recommend that you 
change your passwords on any website where you may have used the same user 
ID and password.

* We are in the process of notifying customers whose credit or debit card 
information we believe to be involved in the incident. If your information 
was involved, you will receive a notification letter from us with 
additional information on steps you can take to help protect yourself 
against potential misuse of personal information about you. Adobe is also 
offering customers, whose credit or debit card information was involved, 
the option of enrolling in a one-year complimentary credit monitoring 
membership where available.

* We have notified the banks processing customer payments for Adobe, so 
that they can work with the payment card companies and card-issuing banks 
to help protect customers’ accounts.

* We have contacted federal law enforcement and are assisting in their 
investigation.

We are also investigating the illegal access to source code of numerous 
Adobe products. Based on our findings to date, we are not aware of any 
specific increased risk to customers as a result of this incident. For more 
information, please see the blog post here.

http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-
code.html

We value the trust of our customers. We will work aggressively to prevent 
these types of events from occurring in the future. Again, we deeply regret 
any inconvenience this may cause you. If you would like additional 
information, please refer to Adobe’s Customer Support page.

http://www.adobe.com/go/customer_alert

Brad Arkin
Chief Security Officer

--

Message sent using MelbPC WebMail Server