When it comes to computer and cloud security issues, we like to keep our insured attorneys and the legal community in the know. This update concerns Adobe, where on Thursday October 3 the company announced that its “security team discovered sophisticated attacks” on its network, “involving the illegal access of customer information as well as source code for numerous Adobe products.” The post on Adobe Featured Blogs came from Brad Arkin, Chief Security Officer for the company. Arkin goes on to admit:
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
Arkin states that Adobe is “working diligently” on the corporate level and with external partners and law enforcement to address the theft, saying that the company is taking the following steps:
- Resetting relevant customer passwords in order to help avert future unauthorized access to accounts (see example email below)
- Notifying customers whose credit or debit card information is believed to have been compromised
- Notifying banks that process customer payments for Adobe to help protect customers’ accounts
- Contacting federal law enforcement and assisting in the investigation
The company is also, in their words, “investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party.”
Adobe’s security issues are not new and certainly come about based on its many products’ widespread use and success, including Adobe Reader for PDFs documents and Photoshop. Writing for CNN Money, Jose Pagliery states:
“Adobe's software is a prime target, cyber security experts say, because its core code is old and weak by today's standards. Updates and patches that are built on top of that code can't make up for its inherent flaws. It's akin to making repairs to a house with a sinking foundation.”
Pagliery goes on to say that, as for Adobe security, “Former Apple CEO Steve Jobs in 2010 addressed the issue in an open letter rant about Adobe’s security, blaming the company’s Flash player for being ‘the number one reason Macs crash’ and citing Flash for having ‘one of the worst security records in 2009.’”
The theft of Adobe source code could also become a worrisome issue for the U.S. government since the software is used on at least 11 government agencies’ websites.
What should you do if your firm uses Adobe products? Adobe states, “[W]e recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide.”
If you learn that your Adobe account has been hacked, even if you did not have confidential credit or debit card information stored on it, your login and password have likely been compromised and those hackers may be able to access other accounts you have online, particularly if you are one to use the same login and password across multiple accounts.
Be safe online and stay tuned for future posts on how to keep your firm and data safe.
(Example of email from Adobe.)
Kiffin Hope+ is the Social Media Community Manager for ALPS. He runs the ALPS 411 law blog, working with contributors from around the country. His posts cover tech, cyber security threats, and smartphones.