http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
By Brian Krebs
Krebs on Security
October 3, 2013
Adobe Systems Inc. is expected to announce today that hackers broke into
its network and stole source code for an as-yet undetermined number of
software titles, including its ColdFusion Web application platform, and
possibly its Acrobat family of products. The company said hackers also
accessed nearly three million customer credit card records, and stole
login data for an undetermined number of Adobe user accounts.
KrebsOnSecurity first became aware of the source code leak roughly one
week ago, when this author — working in conjunction with fellow researcher
Alex Holden, CISO of Hold Security LLC — discovered a massive 40 GB source
code trove stashed on a server used by the same cyber criminals believed
to have hacked into major data aggregators earlier this year, including
LexisNexis, Dun & Bradstreet and Kroll. The hacking team’s server
contained huge repositories of uncompiled and compiled code that appeared
to be source code for ColdFusion and Adobe Acrobat.
Shortly after that discovery, KrebsOnSecurity shared several screen shots
of the code repositories with Adobe. Today, Adobe responded with
confirmation that it has been working on an investigation into a
potentially broad-ranging breach into its networks since Sept. 17, 2013.
In an interview with this publication earlier today, Adobe confirmed that
the company believes that hackers accessed a source code repository
sometime in mid-August 2013, after breaking into a portion of Adobe’s
network that handled credit card transactions for customers. Adobe
believes the attackers stole credit card and other data on approximately
2.9 million customers, and that the bad guys also accessed an
as-yet-undetermined number of user names and passwords that customers use
to access various parts of the Adobe customer network.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
