Oct. 3 Adobe Systems Security Breach Announcement - Ramifications and Action

by Matt Dicksion

On October 3, Adobe Systems Inc. announced a serious security breach. Sometime in mid-August 2013, hackers breached part of Adobe's network and stole:

  • Encrypted credit/debit card information for approximately 2.9 million users
  • Login data for an undetermined number of Adobe user accounts
  • Source code for ColdFusion
  • Source code for Acrobat, including still-unreleased features

This breach is especially significant because of the source code compromise. ColdFusion is very widely used to drive business websites and mobile apps. Vulnerabilities in ColdFusion have been used recently in attacks against cybersecurity agencies. Likewise, Acrobat resides on the majority of users' laptops and desktops; it, too, has often been exploited by cybercriminals looking for a way to plant malware on users' machines.

Adobe has been diligent about releasing security patches and updates to improve the security of its offerings. However, with the source code in hand, it will be much easier for hackers to discover new vulnerabilities, and they have already had it for at least six weeks.

Users and administrators alike need to respond to this particular breach:

  • Adobe has reset affected passwords, but users will need to log in and enter new ones. (Consult the Adobe security alert at http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html for instructions.)
  • Hackers will run the Adobe login/password combinations against other popular sites like Facebook, Google, PayPal, Amazon, and banking sites. If the password on any of those sites is the same as the one on the Adobe site, it needs to be changed too.
  • Adobe says it is notifying the banks as to which credit cards need to be watched for fraudulent activity. Still, it would be a good idea to put a fraud alert or watch on any credit/debit cards whose information was stored at Adobe.
  • Adobe says it will release critical security updates for Acrobat and Reader on October 8. Users need to make sure their Adobe Acrobat and Reader versions are up to date. Consider deactivating any Acrobat plugins built into the web browser, if possible.
  • ColdFusion site administrators should go through the lockdown guide at http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/c... . Steps should also be taken to isolate ColdFusion servers from the rest of the network as much as possible, to limit the effect of any future ColdFusion exploit.

This security breach will echo through the cybersecurity field for some time. If there are any more vulnerabilities to be found in Adobe Acrobat, administrators must expect them to be found within the next few months. Similarly, it is not hard to imagine a scenario for ColdFusion web servers similar to the recent widespread compromise of Apache web servers by the Linux/Cdorked.A backdoor.