Last year in November, an Egyptian hacker known as Hima broke into American multinational computer software company Adobe’s systems and released 150,000 Adobe emails and passwords to get the company’s attention. And lately, again the company’s systems has been hacked. This time, around double info has been compromised than last time!
Yesterday, Brad Arkin, chief security officer of Adobe disclosed that one of its servers has been hacked by hackers. The hackers accessed to 2.9 million customers’ information, including account IDs and encrypted passwords as well as credit and debit card numbers.
So how did the hackers got access to the system? Well apparently, according to Adobe, in July of this year, at least two malicious files were digitally signed using a valid Adobe certificate. Although only two files were signed, the hack effectively gave the attackers the ability to create malware masquerading as legitimate Adobe software and signals a raising of the stakes in the world of Advanced Persistent Threats (APTs).
The company thinks the hackers might have been able to access the source code for at least three of Adobe’s products: Acrobat, ColdFusion, and ColdFusion Builder. This goes hand in hand with a report from Brian Krebs this morning, who noted that he and a fellow researcher had discovered at least 40GB of Adobe source code available on a hacking group’s private server.
However, the company has reset the passwords of affected customers and has also recommended that those affected should change their passwords for other websites. Right now, Adobe is “working diligently internally” to solve the issues.