Adobe compromised, announces breach

Looks like Adobe, makers of products as Photoshop and Adobe Reader, has suffered a major compromise. Brian Krebs, of Krebs On Security and Alex Holden, CISO of Hold Security LLC, discovered the breach earlier this week by

adobe_logo_bullets

In a joint research effort they have found a trove of files, including uncompiled source code for Adobe products on a server known to be used by cyber criminals.

You can read the complete post from Brian here.

He has confirmed that Adobe is presently investigating a network compromise, and despite believing no customer credit card information exited their networks, they will be notifying potentially affected customers to change passwords.

Adobe has been moving towards an online, subscription based solution for a significant portion of their products, and a breach of this magnitude is a terrible thing to happen for them and their user base.

Vulnerability research is also made considerably easier if you have the source code to the application you are trying to exploit.

You can read the full Adobe security advisory here and here.

Kudos to them for coming clean and officially disclosing that the breach occurred.

ABOUT THE AUTHOR

Jean Taggart

Senior Security Researcher

Incorrigible technophile who loves to break stuff and habitually voids warranties.