topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 8:09 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Adobe admits 2.9 million customer accounts compromised  (Read 5905 times)

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Adobe admits 2.9 million customer accounts compromised
« on: October 07, 2013, 01:41 PM »
This from Znet last week (October 3rd), not much info in the article; and some contradictory statements re what exactly they got.
Not good publicity for Adobe's 'Creative Cloud' at any rate.

Adobe admits 2.9M customer accounts have been compromised

Summary: Unfortunately, the attack on Adobe also compromised customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
link:
http://www.zdnet.com...promised-7000021546/
Tom

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #1 on: October 08, 2013, 12:46 AM »
Heh, yes, I got am email from them telling me to change my account password. Being a bit paranoid,  I don't have any personal details saved in that account, so am not worried.
But what a palaver to get the account password reset! It took ages, and then just hung, so you had to restart the process. I kept at it, because from experience I knew Adobe's website tended to be somewhat constipated, but after 30 mins wasted time and getting nowhere I gave up and will try again sometime later.
I think their servers must be getting hammered. I would guess that their operation is probably not scaled up enough to cope with the peak load that is hitting them at the moment with people trying to reset their account passwords.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #2 on: October 08, 2013, 05:21 AM »
At a bigger level Adobe is supposed to be "reputable", aka not a "cheap 2 bit op". Skipping all the zero day stuff, presumably their raw customer logins were supposed to be "standardly protected".

So I'm getting increasingly grumpy about the "Cloud" - "create accounts, good for only X years before they get hacked!"


IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #3 on: October 08, 2013, 02:19 PM »
At a bigger level Adobe is supposed to be "reputable", aka not a "cheap 2 bit op". Skipping all the zero day stuff, presumably their raw customer logins were supposed to be "standardly protected".
So I'm getting increasingly grumpy about the "Cloud" - "create accounts, good for only X years before they get hacked!"
Start of rant:------------------------------------
Yes, it is a depressing reflection on the technical capability of the service suppliers how common a failing this "hackability" seems to have been. The evidence is there as plain as a pikestaff: the techos implementing these systems that get hacked - and hacked with such frequency and apparent ease - are clearly failing to implement sometimes even the most basic/elementary security procedures, never mind the appropriately more sophisticated security procedures.
The thing about good IT security is that it should employ a proactive and pre-emptive risk-averse approach to potential risk/threat.

I am thus wholly unimpressed by the Adobe blog post (linked to at the ZDnet link given by @tomos, above), where it says this:
Important Customer Security Announcement
Posted by Brad Arkin, Chief Security Officer on October 3, 2013 8:08 AM in Executive Perspectives   

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. ...
...We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

This would seem to include:
 - argumentum ad populum (appeal to the people/consensus, popular sentiment - appeal to the majority; appeal to loyalty);
 - argumentum ad verecundiam (appeal to authority; conventional propriety);
 - argumentum ad misericordiam - appeal to pity; to arouse pity for getting one's conclusion accepted);
 - argumentum ad baculum (appeal to fear);
 - argumentum ad ignorantiam (forwarding a proposition without any certain proof) - we are not offered any evidence as to the "sophistication" of this attack.

That is, there's not only an implicit:
"Hey, everyone knows that security can be a BIG PROBLEM - right? I mean, heck, it's not like it's MY fault, #sshole - I mean, like, it's a bad, bad world out there - y'know?"
- which could be a classic rejection of responsibility for the success of the hack attack and a pathetic, anticipatory whining self-defence, but also, the phrase "sophisticated attacks on our network" could arguably be a massive spin/euphemism for the truth, which could perhaps be better interpreted as:
"We were wholly unprepared for this hack attack, which was far more sophisticated than we had been prepared for with our hopelessly inadequate, immature and unsophisticated security systems. We thought we'd be able to get away with minimal spending on that part, but I guess we got screwed anyway. Oops. I guess calculating the statistical probability of risk was never one of our strong-points, eh? Oh dear, what a pity, never mind. Sorry about that. Well, this has certainly been a learning experience for us, and I promise we'll do real good now and start thinking ahead a bit. OK? So stop being all bitter and twisted about it, see?
Oh, and in case we've not already covered ourselves with explicit ZERO LIABILITY for this sort of thing, we will soon, 'cause we're already reviewing our Terms & Conditions to make damn sure of that one, and we'll unilaterally change it all, as necessary. So you can go suck on that."

It's bad enough, but at least it's understandable if/when people accidentally and without thinking use logical fallacies in a discussion/debate - because we're only human after all. However, if/when apparently fully-considered public statements/propositions are made by responsible and accountable people whilst in damage-control mode, and if those statements/propositions contain logical fallacies, then this could presumably be deliberate. That is, the truth could be being deliberately twisted in an attempt to avoid liability and shape public perception in a desired manner. This is the world of marketing and politics where "Perception is everything". It is BS.

The antics of Adobe over the years in consistently pushing and manipulating the market for its various ubiquitous and sometimes crappy offerings - e.g., including .PDF and Shockwave/Flash - had already put them relatively low down in my table of expectations, but by this latest foul-up and in particular their response to it they have just placed themselves smack at the bottom. Avoid.

End of rant:------------------------------------

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #4 on: October 08, 2013, 02:37 PM »
This is the world of marketing and politics where "Perception is everything". It is BS.

This. :Thmbsup:

Well said IainB. 8)

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #5 on: October 10, 2013, 03:11 AM »
Heh, yes, I got am email from them telling me to change my account password.

the beggars only got around to emailing me today, that my account was compromised.
The breach was announced on the 3rd of October - email arrives seven days later. Either they're slow at notification, or maybe it was worse than they thought. The Znet article says:

Adobe is resetting the passwords on breached Adobe customer IDs, and users will receive an email if they are affected. The software giant is also currently notifying customers whose credit or debit card information was exposed.

so it sounds like maybe only some people's CC info was taken :-\

Tom

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,776
    • View Profile
    • Donate to Member
Re: Adobe admits 2.9 million customer accounts compromised
« Reply #6 on: October 10, 2013, 03:52 PM »
it sounds like maybe only some people's CC info was taken
You wish!  :(

They were unforgivably late contacting me as well. To rub salt into the wound, their password-reset page wouldn't identify my Adobe ID, so I had to spend the best part of 90 minutes on the phone with a delightfully pleasant lady from India while she tried all manner of things. Her helpful attitude did quite a bit to mitigate what was my very bad impression of Adobe (see here also). Just goes to show you how important it is to have good people on the front lines.