In late 2013, Adobe Systems Inc. reported they were a victim of data leakage. However, several media sources reported after the fact that the breach was more extensive than initially thought. Concerns about the event are currently growing, as the company is now under investigation by the Irish Data Protection Commissioner.
Compromised customer data
According to Reuters, Adobe reported on October 3 that hackers had infiltrated the company systems and stolen source code from Photoshop, Acrobat, ColdFusion and ColdFusion Builder. In addition, the attackers were able to access a considerable number of Adobe IDs and encrypted passwords stored in a separate database. While the extent of the breach was not disclosed at first, the company announced at the end of October that 38 million records were compromised. GigaOM also stated that stolen information affected 2.9 million customers.
Adobe spokeswoman Heather Edell said the company was also investigating if black hats had gained access to invalid and inactive Adobe IDs as well as IDs with invalid encrypted passwords and test account data, which some suspected was also included in the data leakage.
Security researcher and cyberattack expert Marcus Carey told Reuters that the information may have been accessed in plaintext by breaking the algorithm Adobe used to render this information unreadable. Carey noted that this breach could represent a significant threat to endpoint security and data protection as some users may have utilized the same password for other accounts.
“This is a treasure trove for future attacks,” Carey said.
For this reason, it is important that users protect their accounts and endpoints from data leakage. Individuals should establish strong passwords of a variety of characters and create different credentials for their different accounts.
GigaOM recently reported that a plethora of complaints from British users prompted the Irish Data Protection Commissioner to launch an investigation into the 2013 Adobe data leakage. DPC Billy Hawkes is responsible for regulating a considerable amount of the world’s online privacy, including that of Adobe Ireland, the company dealing with North American customers’ information.
“This Office immediately launched an investigation into the matter, which is still ongoing,” the DPC said in a statement according to ZDNet.
Although a DPC spokesperson told GigaOM that the data leakage was reported in line with industry standards, the software company could still face a $340,000 fine depending on investigation findings.
“It’s not clear yet what offense Adobe might have committed, although it would probably relate to not sufficiently securing user data,” GigaOM contributor David Meyer wrote.