Adobe hacked: lost source code and millions of user credentials

In a blog post published two days ago, Adobe Inc., the publisher of Adobe Acrobat, Coldfusion and many, many other titles, has reported that their infrastructure was hacked and source code of several products was stolen.

The breach has been discovered by the researcher Brian Krebs and by the audit company Hold Security LLC.

Additionally, the company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts. Adobe said the credit card numbers were encrypted and that the company does not believe decrypted credit card numbers left its network. Nevertheless, the company said that later today it will begin the process of notifying affected customers — which include many Revel and Creative Cloud account users —  via email that they need to reset their passwords. A separate customer security alert for users affected by this breach is published on Adobe’s website.



The most disturbing news is that, according to Krebs, Adobe knew about the data breach since mid-August and since September 17th are actively investigating it.

This is bad news for Adobe and for the users that are paying clients of Adobe.

What about the rest of the Adobe users (free) like those of Acrobat Reader, Fusion, Flash and others?

This is the biggest problem in my opinion. If the attackers find some vulnerabilities in the stolen code, they will be basically the only ones that know about them. This way they will be in possession of an exploit that can’t be detected by any security software and even by Adobe (that could fix the vulnerabilities that might get exploited).

In the same time, Adobe published information about releasing critical security updates next Tuesday,October 8, 2013, for Adobe Acrobat and Adobe Reader. This is a very suspicious coincidence in my opinion. Could it be, that Adobe knew about some vulnerabilities that didn’t get publish yet?

Time will tell.

Until things get fully clarified, please don’t open documents of Adobe  products that come from untrusted or unknown sources. You never know…



Sorin Mustaca

IT Security Expert


via Avira – TechBlog

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: