Adobe has reported that a cyber-attack by a third party has compromised the security of user information including the encrypted credit/debit card data, Adobe ID’s and passwords of 2.9 million customers. At the time the alert was issued, Adobe did not believe that decrypted credit card or debit card numbers were accessed. The company says in a security alert (posted in full below) that it has reset the affected passwords and is sending emails to customers whose data has been accessed (and to only those customers) with instructions on how to change their passwords. If you haven’t received an email and want to reset your Adobe password, instructions can be found here. Adobe also recommends changing the password of other accounts with the same user ID and password. Although Adobe has not specifically mentioned Creative Cloud in its security alert, that appears to be the target of these attacks; it’s possible that non-subscriber information has been accessed as well.
Additionally, Adobe is sending letters to those customers whose credit or debit card information “was believed to be involved,” with information about next steps to help prevent potential misuse of the information. Processing banks for Adobe payments have been notified. Further, Adobe is offering a complimentary, one year credit monitoring membership (“where available”) for those whose credit card and debit card information was breached.
And, finally, Adobe is working with federal law enforcement to investigate the attack.
At the same time, Adobe says that source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products has also been accessed by a third party. The company is currently not aware of any increased risk to customers; you can read more about this security alert here. A security update for Acrobat XI and Acrobat Reader is expected on Tuesday, October 8.
Important Customer Security Announcement
Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:
- As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
- We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
- We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
- We have contacted federal law enforcement and are assisting in their investigation.
We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.
We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.
Chief Security Officer
Eighteen photographers from around the world have been awarded the 2016 Magnum Foundation Emergency Fund, a grant that helps independent photographers produce in-depth and creative stories on underreported issues. Grantees were selected by an independent editorial committee from a pool of 140 photographers nominated by 26 international editors, curators, and educators. The grantees are: Poulomi Basu,... More ›
Photographer Edward Burtynsky announced this week that he will use a CAD 25,000 ($18,892) award he received to establish a photo book publishing grant for Canadian emerging photographers. The money will support one CAD 5,000 ($3,778) grant per year for the next five years. Burtynsky had received the cash prize from The Canada Council for... More ›
Jon Verney makes his multi-hued prints by using the sulfur-rich water and mud in hot springs and geysers to bleach and tone silver-based prints. Verney first tried the process at a hot spring in Italy, and has since traveled to hot springs in Iceland, Yellowstone National Park in Wyoming and the Salton Sea in southern... More ›