Network Security Case Study: Adobe Data Breach

Adobe Data Breach:

Date: October 2013

Impact: 38 million

Adobe has said that source code for Photoshop was stolen. Making matters worse, a file containing 150 million usernames and hashed passwords has appeared online, and the company says that 38 million accounts were directly impacted by the incident.

Earlier this month, Adobe announced that during a security audit in September, the company discovered that attackers had accessed customer names and IDs, encrypted passwords, encrypted credit and debit card numbers and expiration dates, as well as other data. On top of the PII lost during the incident, Adobe confirmed that source code Adobe Acrobat, ColdFusion, ColdFusion Builder and "other Adobe products," was also compromised.

"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users, Adobe's Heather Edell told CSO via email.

What has Adobe done in Response:

As a precaution, Adobe immediately reset passwords for all users whose current credentials (Adobe ID accounts with valid, encrypted passwords) were in the database that was taken by the attackers to help prevent unauthorized access to Adobe ID accounts. They sent email notification to these users with information on how to change their passwords. They recommend that customers change their passwords on any website where they may have used the same user ID and password.

They also notified customers whose credit or debit card information we believe to be involved in the incident. In addition to email notification, customers whose credit or debit card information was involved received a notification letter from us with additional information on steps they can take to help protect themselves against potential misuse of personal information about them. They also notified the banks processing customer payments for Adobe, so that they could work with the payment card companies and card-issuing banks to help protect customers' accounts.

They continue to work diligently internally, as well as with external partners, to address the incident. We contacted federal law enforcement and are continuing to assist in their investigation.

Refernce:
https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
https://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html