funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Adobe Breach Impacted At Least 38 Million Users

From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 2 Nov 2013 15:07:09 -0400
Well, it keeps getting worse.... How would you like to be a share
holder watching the IP of a flagship product fly out the window?

(And I bet Adobe executives will give themselves a bonus for a job well done).

http://www.usprocyclingnews.com/technology-22/adobe-hack-far-worse-than-originally-thought-38-million-users-hit-1622.html

he recent data breach at Adobe that exposed user account information
and prompted a flurry of password reset emails impacted at least 38
million users, the company now says. It also appears that the already
massive source code leak at Adobe is broadening to include the
company’s Photoshop family of graphical design products

In a breach first announced on this blog Oct. 3, 2013, Adobe said
hackers had stolen nearly 3 million encrypted customer credit card
records, as well as login data for an undetermined number of Adobe
user accounts.

At the time, a massive trove of stolen Adobe account data viewed by
KrebsOnSecurity indicated that — in addition to the credit card
records – tens of millions of user accounts across various Adobe
online properties may have been compromised in the break-in. It was
difficult to fully examine many of the files on the hackers’ server
that housed the stolen source because many of the directories were
password protected, and Adobe was reluctant to speculate on the number
of users potentially impacted.

But just this past weekend, AnonNews.org posted a huge file called
“users.tar.gz” that appears to include more than 150 million username
and hashed password pairs taken from Adobe. The 3.8 GB file looks to
be the same one Hold Security CISO Alex Holden and I found on the
server with the other data stolen from Adobe.

Adobe spokesperson Heather Edell said the company has just completed a
campaign to contact active users whose user IDs with valid, encrypted
password information was stolen, urging those users to reset their
passwords. She said Adobe has no indication that there has been any
unauthorized activity on any Adobe ID involved in the incident.
...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: