Results 1 to 18 of 18

Thread: Adobe Hack

  1. #1

    Join Date
    Jul 2011
    Location
    A Pacific Island
    Posts
    941
    Real Name
    Andrew

    Adobe Hack

    This is a few days old but I didn't see an existing thread.

    http://gigaom.com/2013/10/04/adobe-s...-bad-real-bad/

  2. #2
    Glenn NK's Avatar
    Join Date
    Sep 2010
    Location
    Victoria BC
    Posts
    1,510

    Re: Adobe Hack

    It's all over the photo forums - not a good omen for Abobe.

    What's bothersome, is that potentially credit card numbers, etc. were also involved.

    Glenn

  3. #3

    Join Date
    Jun 2013
    Location
    North West of England
    Posts
    7,178
    Real Name
    John

    Re: Adobe Hack

    According to Adobe, no decrypted credit card data was hacked but if you have an Adobe a/c, now's the time to change your password.

  4. #4
    Glenn NK's Avatar
    Join Date
    Sep 2010
    Location
    Victoria BC
    Posts
    1,510

    Re: Adobe Hack

    I changed mine.

    G

  5. #5
    Brownbear's Avatar
    Join Date
    Jul 2011
    Location
    British Columbia, Canada
    Posts
    7,244
    Real Name
    Christina

    Re: Adobe Hack

    What is Adobe a/c... I started changing all my passwords but perhaps there is no need to.



    Quote Originally Posted by John 2 View Post
    According to Adobe, no decrypted credit card data was hacked but if you have an Adobe a/c, now's the time to change your password.

  6. #6
    James G's Avatar
    Join Date
    Dec 2009
    Location
    Birmingham UK
    Posts
    1,471
    Real Name
    James Edwards

    Re: Adobe Hack

    Christina, you might have set up an adobe account when you registered either Lightroom or PSE.

    The 'simple' test is did you use your credit card to buy from Adobe via the web?

    If so, like me, you will have supplied credit card details.

    That said, if you have not received an email from Adobe informing you that your account details may have been hacked you are OK.

    I received mine on Friday last, and I changed that password group immediately.

    James

  7. #7

    Join Date
    Jun 2013
    Location
    North West of England
    Posts
    7,178
    Real Name
    John

    Re: Adobe Hack

    Interesting Article. It's worth a read. I have to wonder whether Adobe's recent change to Cloud marketing has in some way facilitated this?

    http://www.itproportal.com/2013/10/0...-crown-jewels/

  8. #8

    Join Date
    Dec 2008
    Location
    New Zealand
    Posts
    17,660
    Real Name
    Have a guess :)

    Re: Adobe Hack

    What I'm really hoping for is the successful tracking down and prosecution of these thieves and vandals. If I had my way they'd be locked away for a VERY long time - without computer access - on a diet of bread and water.

  9. #9

    Join Date
    Jun 2013
    Location
    North West of England
    Posts
    7,178
    Real Name
    John

    Re: Adobe Hack

    Phoned my Credit card provider today. They have an advisory in place and immediately cancelled my card and dispatched a new one FOC.

    Colin I'm with you WRT the hackers. It reminded me of a recent UK news item concerning a convicted hacker who quite incredibly was allowed to join a computer class whilst he was in the nick and yes you've guessed, he hacked into the prison's admin computer. The mind boggles.

  10. #10
    Brownbear's Avatar
    Join Date
    Jul 2011
    Location
    British Columbia, Canada
    Posts
    7,244
    Real Name
    Christina

    Re: Adobe Hack

    Thank you. Yes, I purchased LR and PSE on-line, and used my credit card. I did receive the email and have changed that password already and will change the rest of my important passwords as many are a variation of that same password.



    Quote Originally Posted by James G View Post
    Christina, you might have set up an adobe account when you registered either Lightroom or PSE.

    The 'simple' test is did you use your credit card to buy from Adobe via the web?

    If so, like me, you will have supplied credit card details.

    That said, if you have not received an email from Adobe informing you that your account details may have been hacked you are OK.

    I received mine on Friday last, and I changed that password group immediately.

    James

  11. #11
    Glenn NK's Avatar
    Join Date
    Sep 2010
    Location
    Victoria BC
    Posts
    1,510

    Re: Adobe Hack

    Quote Originally Posted by Christina S View Post
    Thank you. Yes, I purchased LR and PSE on-line, and used my credit card. I did receive the email and have changed that password already and will change the rest of my important passwords as many are a variation of that same password.
    I used my credit card to purchase all versions of LR from 1.0 to 5, and I am registered as a user.

    Although I did not receive a notice from Adobe, I have changed my password.

    G

  12. #12
    Glenn NK's Avatar
    Join Date
    Sep 2010
    Location
    Victoria BC
    Posts
    1,510

    Re: Adobe Hack

    Quote Originally Posted by Colin Southern View Post
    What I'm really hoping for is the successful tracking down and prosecution of these thieves and vandals. If I had my way they'd be locked away for a VERY long time - without computer access - on a diet of bread and water.
    What no public lashes and public torture?

    Glenn

  13. #13
    James G's Avatar
    Join Date
    Dec 2009
    Location
    Birmingham UK
    Posts
    1,471
    Real Name
    James Edwards

    Re: Adobe Hack

    I've had a word with my bank and on the basis that any encryption is at best a delaying tactic I've asked them to reissue my Credit cards and cancel the current cards.

    Its a pain, but not worth the risk!

    As regards the Hackers.... @#&&s to them, and as my old (irish) granny would have said, "eternal bad cess to them". She did have a way with words

  14. #14

    Join Date
    Dec 2008
    Location
    New Zealand
    Posts
    17,660
    Real Name
    Have a guess :)

    Re: Adobe Hack

    Quote Originally Posted by Glenn NK View Post
    What no public lashes and public torture?

    Glenn
    Personally - yes - for sure, but last time I suggested that as a punishment for the Boston Bomber I ended up starting a global thermonuclear was with some around here!

  15. #15
    yauman's Avatar
    Join Date
    May 2013
    Location
    Martinez, CA, USA
    Posts
    47
    Real Name
    Yau-Man Chan

    Re: Adobe Hack

    As one who worked in IT for the last 30 years and whose butt was on the line if any of institution's servers were hacked, this is quite a serious compromise and I think Adobe is not yet ready to disclose the whole story. It was a sustained hack and they lost some of their source codes - which I find very surprising and which I hope is not true. They obviously need a new IT Security team and look into revamping their whole server security setup. It's just not acceptable for such a big company to be on the receiving end of a "sustained hack" and not find out about it till the hack was successful. There are so many way to prevent or divert these kinds of attacks and I find it quite puzzling how it got by them. Very very disturbing.
    http://arstechnica.com/security/2013...-network-hack/

  16. #16

    Join Date
    Dec 2008
    Location
    New Zealand
    Posts
    17,660
    Real Name
    Have a guess :)

    Re: Adobe Hack

    Quote Originally Posted by yauman View Post
    As one who worked in IT for the last 30 years and whose butt was on the line if any of institution's servers were hacked, this is quite a serious compromise and I think Adobe is not yet ready to disclose the whole story. It was a sustained hack and they lost some of their source codes - which I find very surprising and which I hope is not true. They obviously need a new IT Security team and look into revamping their whole server security setup. It's just not acceptable for such a big company to be on the receiving end of a "sustained hack" and not find out about it till the hack was successful. There are so many way to prevent or divert these kinds of attacks and I find it quite puzzling how it got by them. Very very disturbing.
    http://arstechnica.com/security/2013...-network-hack/
    I too have worked in IT for about the same time - and I'm also answerable if servers get hacked (just as a frame of reference).

    I don't necessarily agree with the "need a new security team" part though; Obviously on this occasion the bad guys got the better of them - but what's to say that things would have been any different if this "new security team" had already been in place?

    I don't think it's necessarily a valid response to fire someone because of an issue like this any more than it would be to fire Sebastian Vettel just because he didn't win every race; sometimes things happen - and in my opinion - it's more important to look at what happened - how it happened - and how to stop it happening again. Replacing people with a certain track record doesn't guarantee a better result -- it just opens up the potential for a DIFFERENT result (which may be better or it may be worse).

    Replacing an existing (and I'm sure very comprehensive) security team with another would probably expose them to even more risk because "the new team" would have zero experience with Adobe, and would be on a very steep learning curve. And just because the bad guys scored a rare win on this occasion doesn't mean to say that the security team are idiots.

  17. #17

    Join Date
    Nov 2009
    Location
    Provence, France
    Posts
    990
    Real Name
    Remco

    Re: Adobe Hack

    What I find most surprising is that the intruders got both financial information and source code. I'd expect these to be on different servers with different access privileges,
    i.e. even the administrator accounts on one of the servers shouldn't have direct access to the other (and most certainly not the same passwords).

  18. #18

    Join Date
    Dec 2008
    Location
    New Zealand
    Posts
    17,660
    Real Name
    Have a guess :)

    Re: Adobe Hack

    Quote Originally Posted by revi View Post
    What I find most surprising is that the intruders got both financial information and source code. I'd expect these to be on different servers with different access privileges,
    i.e. even the administrator accounts on one of the servers shouldn't have direct access to the other (and most certainly not the same passwords).
    Depends a bit on how they did it. I would have thought the same as you, but it is possible that they have trusted internal domains that give domain admins access to other domains. Who knows - they may even have had a bit of "help from the inside".

    We'll probably never know. I'll bet their security depts will have been putting in a bit of overtime last week or so though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •