Adobe revealed that its servers have been hacked and that nearly three million customer accounts, as well as program source code, have been compromised.

In case you missed it yesterday, Adobe has been hacked. Brad Arkin, Chief Security Officer of Adobe, explained the incident in a blog post. “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems.” He added, “We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”

I like Brad, I respect Adobe, and I understand the logic behind making a statement like that. From a security or consumer perspective, though, it really needs to be taken with a grain of salt. Of course there’s an increased risk as a result of unauthorized access to widely-used product source code and sensitive information on three million customers.

To be fair, though, Arkin didn’t say there’s no increased risk. He said Adobe is not aware of a specific increased risk—which could be translated to “To our knowledge, attackers have not yet leveraged this information to craft exploits against our products, attack customer sites that rely on our products, or steal the identities of our customers.” That may be a true statement…right now. It’s early. Give them time.

Dwayne Melancon, chief technology officer for Tripwire, cautions, “The fact that the breach involves source code for creating web content should be concerning for Adobe and its customers, as it may enable the attackers to tamper with others’ production web sites.”

The Adobe breach is rumored to have been perpetrated by the same attackers that compromised LexisNexis and a number of other organizations, and Melancon believes it’s likely they relied on the same techniques.
If that’s true, the attackers planted a rogue executable on the targeted systems and used that to create a command & control channel back to the attackers.

Melancon is CTO of Tripwire—which established its name as a tool for identifying and tracking file and configuration changes—so he should know a thing or two about guarding against an attack like this. “These breaches underscore the importance of continuously monitoring your systems for suspicious changes, verifying any unrecognized programs on your systems, and establishing strong foundational controls so you can tell ‘good’ from ‘bad’ in your production environment—and to prepare before something bad happens, rather than after the damage has already been done.”

It’s important for organizations to maintain a good baseline of known, trusted, and secure system configurations and application binaries. It’s crucial in today’s environments to be able to quickly tell which systems, applications, and components you can trust.

If you’re concerned that your website or applications may be at risk as a result of the Adobe source code compromise, Adobe has published some hardening guidelines to help you guard against potential attacks.