Adobe hacket ? 3 millioner konti kompromittert

[Cuneax]

Kildekode, brukernavn og informasjon om bankkort kan være på avveie.

Adobe hacket ? 3 millioner konti kompromittert

[tommyb]

Adobe. Sikkerhet. Ikke synonymer.

[Autodidact]

De har i alle fall vært transparente nok til å kontakte kunder om hendelsen og bedt dem endre passord etter at passordene er omstilt.

[tommyb]

"Adobe and the researcher who broke the story said it was likely that the exploit was from Adobe running an *out of date* version of their own ColdFusion software with known vulnerabilities." (Sitat fra kildens diskusjonstråd, uten videre kilde.)

 

Videre er det rapportert at kildekoden til ColdFusion og Acrobat er tatt, så forvent nye 0-day vulnerabilities i framtiden. Kilde: http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html

 

Når det gjelder transparency, så hadde de fint lite valg. De var i ferd med å bli outet.

 

Fra artikkelen på http://krebsonsecurity.com/ :

"Adobe Systems Inc. is expected to announce today that hackers broke into its network"

 

 

 

KrebsOnSecurity first became aware of the source code leak roughly one week ago, when this author — working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC — discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. The hacking team’s server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.

Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013.