Adobe Data Breach

Number: AL13-004
Date: 4 October 2013

Purpose

The purpose of this alert is to notify that, on October 3, 2013, Adobe Systems Inc. announced that it had been the victim of a cyber attack and that the attacker(s) gained access to detailed account information.

Assessment

It was announced that hackers were able to remove information on up to 2.9 million customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

Adobe also announced that the attacker(s) stole source code for Adobe Acrobat, ColdFusion and ColdFusion Builder. At this time the company is not aware of any zero-day vulnerabilities for any of the aforementioned products.

Adobe has been reaching out to all customers who have been affected by this breach, informing them and assisting them with password changes, and raising awareness of the potential misuse of this compromised data.

Suggested action

CCIRC recommends that organizations review the following mitigation steps and consider their implementation in the context of their environment accordingly:

  • Change passwords for all Adobe accounts.
  • Monitor financial accounts that are used for purchasing Adobe products for fraudulent activity.
  • Ensure that all Adobe products are fully patched.

References:

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca