Adobe are the latest in a long line of online services that have been compromised. In a post on the company blog, they outline the detail of what occurred.
Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.
As an Adobe Creative Cloud customer I’m surprised that there has been no email regarding this security breach. That said the information that has been accessed, in particular credit cards, were encrypted. Assuming the hackers received a hash of the credit card number and expiration date, using a strong hashing algorithm, I’m comfortable that Adobe has done what they need on the back end. What we don’t know yet is what front end vulnerability lead to the intrusion.
Adobe are resetting user passwords as a precaution. Adobe have contacted federal law enforcement to assist their investigations, so for those hackers, you better hope you covered your tracks well.
More info at Adobe.