It seems like every week we hear of a new massive corporate data raid–and last week was no different. On Thursday morning, many Adobe users woke to an email from the computer software giant stating that the company’s security had been breached, along with the sensitive data of millions of users. In the email, Adobe confirmed that cybercriminals had illegally gained access to their network, obtaining more than 2.9 million user’s names, encrypted credit and debit card numbers, card expiration dates, login IDs, and passwords. Adobe’s source code for several products including Acrobat and ColdFusion was also accessed. What’s more, investigative journalist Brian Krebs has revealed that the attack was orchestrated by the same criminals behind the SSNDOB.ms botnet that I covered in my blog last week.
While this data breach is still being investigated, Adobe has taken several commendable steps to help their users recover. In addition to resetting passwords, the company has advised all of its users to do a sweep of all accounts that may share similar login details, and reset those passwords as well. Adobe has also offered a full year of complimentary credit monitoring membership to consumers whose financial information was compromised. Finally, Adobe has notified banks that process Adobe-related payments, and is working with federal law enforcement in the investigation. So far, there is no reason to believe that cybercriminals obtained decrypted credit card numbers, but Adobe has recommended that its users pay careful attention to future account statements and credit reports just in case.
While the compromised personal data of Adobe users is troubling, it might only be a fraction of this cyber attack’s equation. In the breach, hackers allegedly obtained some Adobe source code, which could potentially open a gateway for a number of viruses, malware, and exploits, according to Hold Security. Although Adobe engineers are still in the process of checking over the integrity of its source code, if the cybercriminals were able to alter such code, the security implications would be widespread since Adobe products are installed on most of our devices and stored on many government and corporate servers around the world. As of now, Adobe has reported no vulnerabilities being targeted in their products, but we will continue to monitor the investigation as it unfolds.
Adobe isn’t the first major company to be targeted by cybercriminals, and it won’t be the last. This should serve as a reminder to us all that even large and trusted companies can be taken down by cybercriminals, and precautions must be taken to ensure that you’re not a victim.
- Create strong passwords, and change them regularly. Passwords should be easy for you to remember, but hard for others to guess. The essentials for a secure password are length, numbers, symbols, and upper- and lower-case letters. As a further step, remember to change these every few months and never reuse across accounts. McAfee SafeKey Password Manager (part of the McAfee LiveSafe™ service) helps you create strong passwords, allows single click login to any site and ensures that your passwords are always secure.
- When possible, use two-step verification. If a website or service allows you to use two-step verification, it pays to add the extra layer of security to your information. Two step verification, in many cases, involves both a password and another level of security–such as entering a code that has been text messaged to your mobile device.
- Install updates on software when they’re released. When you receive notifications from application and software providers that an update has been made available, be sure to act quickly. For PC owners, the vulnerability scanner included with McAfee LiveSafe™ will alert you when programs are out of date, helping you to stay on top of regular updates to your installed programs, and protect you from recently discovered security gaps in software.
- Secure your data, identity, and all your devices. Enjoy a safe online experience no matter what you do or where you are. With McAfee LiveSafe™ you can block hackers and thieves, protect your computer, smartphone and tablets from viruses and malware, and safeguard your identity and data.