Adobe Creative Cludge hacked! Personal data stolen

Posted on October 4, 2013 by | 6 Comments
Dobbe Hacking Incident

• Adobe Hacking Incident •
Adobe Creative Cludge system has been hacked. 2.9 million customers have had their personal data exposed to criminals.

Huge security breach!

Adobe admitted yesterday that personal data belonging to nearly three million customers has been exposed to Internet criminals. There is no indication from Adobe how long this has been going on or what they have yet to discover. The extent of the hacking is significant…

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders”.
Brad Arkin, Chief Security Officer :: Seen on October 3, 2013 8:08 AM in Executive Perspectives

Carefully worded statement

Despite the apparent “no-panic-here” wording of their statement, Adobe perform verbal back-flips in the executive blog released yesterday. In a quiet corner of an FAQ page they tell us… “Adobe’s security team discovered suspicious activity during regular security monitoring”. In computing, terms like that usually mean alarm bells did not go off when the event occurred. This hack was probably undiscovered for a significant period. Nearly three million files cannot be downloaded in minutes! This is a fact corroborated by Brad Arkin, Chief Security Officer. He says, “Very recently, Adobe’s security team discovered sophisticated attacks on our network”. Reading between the lines, they are saying, “Its not our fault, they beat our systems and we just found out about it”.

Brad Arkin opened his blog by saying, “Cyber attacks are one of the unfortunate realities of doing business today”. Internet security should not be trivialised. Everyone should be paranoid about their online security. It is not helpful when senior executives issue statements of familiarity, bordering on contempt, for hacking incidents.

Adobe users pay for this

The recent move to cloud computing for the Adobe suite of applications has created consternation among individual users. Adobe give concessions to businesses to get them to use the Internet based subscription model. However small businesses, particularly photographers, were initially ignored amid big price rises. A recent short-term concession, with no guarantees, has given some users the chance to sign up to the Adobe system.

The Adobe Creative Cloud concept gives users a tiny Internet storage space and limited term access to the system provided they pay monthly for the privilege. This hacking incident makes it clear Adobe cannot protect the user against significant losses. Now criminals know that Adobe are vulnerable it opens them up to cyber extortion. Customer online data files could very well be threatened in a future attempt to hold Adobe to ransom.

Internet commerce is about trust

Adobe justified the Internet subscription model by saying it prevented application piracy. The disclosures yesterday admitted that Adobe application code was also stolen  External link - opens new tab/page. Any IT person will tell you that can happen. Adobe have used false premises as justification for a subscription model.

Trust is a precious commodity on the Internet

• Trust is a precious commodity on the Internet • Adobe are acutely aware of the need for this trust as can be seen by this page on their site.

Customers need to be able to trust internet retailers. It’s a vital component of the Internet ethos. Deliberately misleading customers is unforgivable. This incident throws that trust into doubt where Adobe are concerned. Trust has to be earned and users are paying very high rates indeed.

After the horse has bolted

The final paragraph of the Arkin statement says…

We value the trust of our customers.
Brad Arkin, Chief Security Officer :: Seen on October 3, 2013 8:08 AM in Executive Perspectives

Despite finding customer trust valuable, I was unable to find any apology from Adobe over this incident. But ‘Brad’ does say, “We deeply regret any inconvenience this may cause you”. “May cause you“? There may be more bad news? Regret? You may be sad about it – the customers are likely to be pretty angry!

Note: Definition: Kludge or Cludge

Comments, additions, amendments or ideas on this article? Contact Us
or why not leave a comment at the bottom of the page…

Like this article? Don’t miss the next — sign up for tips by email.

Related articles/links:
Photokonnexion Photographic Glossary – Definitions and articles.
Important Customer Security Announcement by Brad Arkin, Adobe Chief Security Officer
Adobe anti-piracy notice  External link - opens new tab/page
Illegal Access to Adobe Source Code  External link - opens new tab/page
Customer Security Alert  External link - opens new tab/page
Definition: Kludge or Cludge

By Damon Guy (author and Photokonnexion editor)

Damon Guy - Netkonnexion

Damon Guy (Netkonnexion)

Damon is a writer-photog and editor of this site. He has run some major websites, a computing department and a digital image library. He started out as a trained teacher and now runs training for digital photographers.
See also: Editors ‘Bio’.

#1854#

This entry was posted in Photography. Bookmark the permalink.

6 responses to “Adobe Creative Cludge hacked! Personal data stolen