Learning From Data Hacks – Part 2: The Adobe Data Breach

Shortly after we published our last blog post discussing the risks data hacking poses to your business, we read a news article showing the real risks for even the biggest companies: Adobe, maker of numerous software products such as Photoshop, Flash, and Acrobat, suffered “a sophisticated attack on [their] network” leading to the loss of 2.9 million sets of customer records, along with the source code to several Adobe products.

Adobe made the breach public through a blog post last Thursday, and has since worked hard to clean up the mess. In total, the attack compromised nearly 3 million customer records including “customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.” Fortunately, they don’t believe the hackers accessed the decrypted credit card information - though, as we’ve pointed out before, encryption does not necessarily mean the data is secure.

While this records theft is concerning enough, the bigger problem is the theft of Adobe source code. Adobe manufactures a number of high-profile software products, and more than a few of them, such as Acrobat Reader and Flash, run on nearly every PC and Mac sold today. The source code could make it extremely easy for hackers to develop malware that works through these products, infecting an enormous number of the world’s computers with one keystroke.

Adobe states they are currently unaware of any efforts to use the source code to infect personal computers. However, the presence of Adobe products on computers today could make any attack a devastating one.

Another thing to take away from this breach is Adobe’s response to the hack, modeling what a company should do when finding a security vulnerability in their system. Upon discovering the customer data breach, Adobe automatically reset customer passwords, contacted the affected users, and notified customer banks and federal law enforcement. They were transparent about the breach, its scope, and what it meant for their users. In short, they did what they could to protect their users and took responsibility for the breach rather than trying to cover it up or deny their role.

Data breaches present serious problems to companies across the globe. While Adobe provides a good example of a timely response to a crisis, they also provide a perfect example of why monitoring your systems and using a proven security solution is so important. Hackers will stop at nothing to steal your data, so do anything you can to keep it safe.
