Luminous Landscape Forum

Raw & Post Processing, Printing => Digital Image Processing => Topic started by: thierrylegros396 on October 04, 2013, 03:46:48 AM

Title: Adobe, Important Customer Security Alert !
Post by: thierrylegros396 on October 04, 2013, 03:46:48 AM
No more confidence in Cloud(s) and Adobe for me !

Read below especially if you are concerned.


Important Customer Security Alert
To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
Title: Re: Adobe, Important Customer Security Alert !
Post by: stamper on October 04, 2013, 03:51:05 AM
I received the same message but is it for real? More information needed before changing anything? ::)
Title: Re: Adobe, Important Customer Security Alert !
Post by: stamper on October 04, 2013, 04:32:47 AM
It seems that this is indeed real. I have reset my password but what does this mean regarding credit cards that has been stored. Should the credit card company be contacted or does Adobe do that?
Title: Re: Adobe, Important Customer Security Alert !
Post by: chez on October 04, 2013, 06:57:52 AM
It seems that this is indeed real. I have reset my password but what does this mean regarding credit cards that has been stored. Should the credit card company be contacted or does Adobe do that?

A few months back I had my MasterCard card canceled by the credit card company and a new one issued because it was potentially compromised. They did not tell me details. I would think your credit card company would be responsible dealing with notifications to people who's credit could be in jeopardy.
Title: Re: Adobe, Important Customer Security Alert !
Post by: cgoss on October 04, 2013, 07:48:47 AM
I received a copy of the same email which clearly states

Quote
To prevent unauthorized access to your account, we have reset your password.

Yet, when I accessed my account I found it fully functional using the old password.  Beware.
Title: Re: Adobe, Important Customer Security Alert !
Post by: Ken Richmond on October 04, 2013, 08:24:18 AM
Does Snowden still have his computer?

Ken Richmond
Title: Re: Adobe, Important Customer Security Alert !
Post by: DavidJ on October 04, 2013, 08:57:51 AM
I reset my password online and spoke to Adobe UK on the phone who confirmed that my details had been hacked. I therefore decided to freeze my credit card and get a new one sent.

David
Title: Re: Adobe, Important Customer Security Alert !
Post by: BobShomler on October 04, 2013, 09:58:37 AM
Looks real;also read it in this morning's newspaper.  Here's Adobe's page:

  http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Title: Re: Adobe, Important Customer Security Alert !
Post by: stamper on October 04, 2013, 10:49:19 AM
I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.
Title: Re: Adobe, Important Customer Security Alert !
Post by: stamper on October 04, 2013, 11:03:21 AM
Contacted Adobe and the reply was.

Rohit_singh: Hello! Welcome to Adobe Customer Service.

Rohit_singh: Thank you for contacting Adobe Systems, my name is Rohit, how can I help you today

: Have my credit card details been comprimised by the hacking?

Rohit_singh: Just a moment

Rohit_singh: At this time, we believe that the strength of the encryption algorithm and key are sufficient to prevent decryption of the encrypted card data without the key.

 Thank you

That seems to be the "official line"
Title: Re: Adobe, Important Customer Security Alert !
Post by: Slobodan Blagojevic on October 04, 2013, 11:15:50 AM
Has anyone noticed this part of the Adobe official statement:

Quote
encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

Apparently, what was stolen were encrypted numbers. Maybe hackers will be able to decrypt them, maybe not. Decrypting a single number probably is not such a huge task, but 2.9 millions? Also, it shall be noted that Adobe "believes" (ie, not sure) their decrypted numbers were not compromised.
Title: Re: Adobe, Important Customer Security Alert !
Post by: Slobodan Blagojevic on October 04, 2013, 11:35:39 AM
I phoned my credit card company and they say they know nothing about it and I should contact Adobe. I phoned them but couldn't get through. The credit card company - Mastercard - warned against re setting the password. Confused? I am.

Stamper,

Mastercard advice against resetting the password is based on the usual phishing scam, where a hacker poses as a legitimate site (ie, Adobe) and asks you to go to a legitimately-looking (but actually fake) site and reset your password, asking for your old password along the way.

This event is a real one, and thus resetting your password would be a reasonable move.

As for Adobe contacting your CC company... probably not going to happen. Such level of inter-company co-ordination is probably a distant dream. In many companies, one internal department is often not fully aware what other departments are doing. Just ask federal agencies in the pre-9/11 era (heck, ask them even today).

I do not believe that there are protocols in place to transfer 2.9 million numbers to major credit card companies. That would also require decryption prior to sending (thus increasing the risk).
Title: Re: Adobe, Important Customer Security Alert !
Post by: sniper on October 04, 2013, 11:39:47 AM
On the tv news here todays it was said that Adobe are not sure what dats has been hacked yet and are still checking (or words to that effect)  we won't know for sure untill all the infos in.
I'd suggest checking with your card company, I doubt adobe will contact them all.
Title: Re: Adobe, Important Customer Security Alert !
Post by: Tim Lookingbill on October 04, 2013, 12:19:54 PM
I'ld like to give some perspective in order to alleviate the fear being generated in this thread understandably over concerns of ID theft from Adobe's servers being hacked coming from someone who just recently became an ID theft victim in 2012 by way of fraudulent charges placed on my credit card and fake IRS tax returns filed to gain a huge refund using my SSN, home address & DOB.

Here's the skinny...

The money stolen in your name by way of fraudulent accounts and existing accounts you will never be responsible for and will be paid by the financial institution's insurance company. Also the folks who actually use the ID info to commit the actual fraud rarely are caught and prosecuted, so I guess you can see who is the real loser here...the insurance companies.

The only thing the ID theft victim will be burdened with is filling out letters and affidavits to law enforcement on all levels from city, county, state and federal (the FTC) as well as put credit freezes to not only report the crime but also prove it wasn't you that raked up all these charges IOW it's going to be a time consuming experience similar to grant writing or filling out applications for loans with the (SBA) Small Business Administration.

How can I be this blunt about this? I started asking ID theft questions (which I never did before in my entire 54 years) to close to ten random people in my community and financial institution CSR's who all told me of their ID theft experience which varied by dollar amount lost and methods used to commit fraud in their name. They all said they didn't lose money and the perps were never caught or prosecuted.

This is the perfect crime and it scares the hell out of me, but I don't know why.
Title: Re: Adobe, Important Customer Security Alert !
Post by: Isaac on October 04, 2013, 12:22:58 PM
I'd suggest checking with your card company, I doubt adobe will contact them all.

"We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers accounts."

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Title: Re: Adobe, Important Customer Security Alert !
Post by: Ken Richmond on October 04, 2013, 01:11:48 PM
So why isn't my president on this?  Can't his NSA find and drone these clowns?

Ken Richmond
Title: Re: Adobe, Important Customer Security Alert !
Post by: Steve Weldon on October 04, 2013, 01:58:21 PM
Contacted Adobe and the reply was.

Rohit_singh: Hello! Welcome to Adobe Customer Service.

Rohit_singh: Thank you for contacting Adobe Systems, my name is Rohit, how can I help you today

: Have my credit card details been comprimised by the hacking?

Rohit_singh: Just a moment

Rohit_singh: At this time, we believe that the strength of the encryption algorithm and key are sufficient to prevent decryption of the encrypted card data without the key.

 Thank you

I dunno.. with the 12 core Ivy Bridge chips just released..  ;D

That seems to be the "official line"
Title: Re: Adobe, Important Customer Security Alert !
Post by: PierreVandevenne on October 04, 2013, 08:00:35 PM
One never knows with Adobe (after all they once sold a 5000$ e-book protection server any reasonably astute 12 yo could have cracked with a pen a a sheet of paper - basically they used XOR) but if they used decent password protection practices (salted, strong algo - some info here https://crackstation.net/hashing-security.htm) danger isn't that high. If they did not, a lot of them will fall.

Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt.

PS: my last Adobe purchase was on the 29th of September and I haven't received a notification from them.
Title: Re: Adobe, Important Customer Security Alert !
Post by: TylerB on October 04, 2013, 09:53:14 PM
I don't know if it's related, but I've been having login issues, and password reset issues with them all day long. A very long frustrating support chat did not resolve it though they would not stay on long enough to find that out with me. So I will have to start over tomorrow. As of now, I can not access my account. Perhaps they have their hands full, and I will try in a few days.. or perhaps I'm being generous..
Title: Re: Adobe, Important Customer Security Alert !
Post by: Slobodan Blagojevic on October 04, 2013, 11:48:22 PM
... Note to Slobodan: reversing a single hash is extremely hard, reversing some of the 2.9 million hashes is potentially much easier. First because you basically have 2.9 million lottery tickets instead of one, but also because the amount of data by itself may leak info on the techniques Adobe uses: for duplicate hashes would indicate identical initial passwords hashed without salt or with a constant salt...

My question was from the position of uneducated guess. Thanks for clarification.
Title: Re: Adobe, Important Customer Security Alert !
Post by: iladi on October 05, 2013, 01:28:51 PM
I'd suggest checking with your card company, I doubt adobe will contact them all.

All my external payments had allready been bloked by my bank since end of september. So, adobe allready contacted the banks way before they made the public statement. And i live in a not so big european country.
Title: Re: Adobe, Important Customer Security Alert !
Post by: PhotoEcosse on October 09, 2013, 04:59:44 AM
Getting slightly tedious.

Another e-mail from Adobe this morning to say that they have been hacked again and asking me to change password for a second time.

Important Password Reset Information
To view this message in a language other than English, please click here.

We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
Title: Re: Adobe, Important Customer Security Alert !
Post by: PierreVandevenne on October 09, 2013, 08:45:16 AM
Coincidentally, here is an update to a well known (at least in the IT security world) password database leak story

http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/

Nicely shows what can be done and what the risks are. And there is no good news or helpful suggestions...

Pierre
Title: Re: Adobe, Important Customer Security Alert !
Post by: BernardLanguillier on October 09, 2013, 09:53:16 AM
With CC only, Adobe had decided to remove themselves from the lifes of many of us... but with these issues they somehow impose themselves back in an extremely unpleasant way.

Cheers,
Bernard
Title: Re: Adobe, Important Customer Security Alert !
Post by: DeanChriss on October 10, 2013, 08:02:41 PM
With CC only, Adobe had decided to remove themselves from the lifes of many of us... but with these issues they somehow impose themselves back in an extremely unpleasant way.

Cheers,
Bernard


Indeed. What I find most disturbing is that for reasons unknown Adobe requires and stores your date of birth in addition to your credit card number. Date of birth is another piece of information identity thieves like to get, and it's a lot harder to change your birthday than it is to get a new credit card account or password. Nothing has been said about whether all of your personal data was compromised, but if credit card numbers, user names, and passwords were I have to assume everything was. In addition the incessant updates for security flaws in Adobe Acrobat/Acrobat reader do not exactly inspire confidence in Adobe's security practices.
Title: Re: Adobe, Important Customer Security Alert !
Post by: PhotoEcosse on October 11, 2013, 08:57:14 AM
With respect, only a numptie would give their GENUINE date of birth, mother's maiden name or place of birth on any online service. All those details are publicly available on birth certificate records. I thought everyone invented spoof details for so-called "security" purposes.

But a very real problem, apparently, is that a surprising number of folk use the same (or similar) passwords on more than one service. That's where the scammers really score.
Title: Re: Adobe, Important Customer Security Alert !
Post by: thierrylegros396 on October 15, 2013, 12:49:58 PM
So, if you frequently buy on the net, you have 50 to 100 different passwords, and I suppose you have a list of them stored in you PC ?

Any good solution to that really annoying problem ?!

In relation to Adobe problems, Atos (bankcard Company) has just sended me a written paper letter to inform me that they will close my card if I don't call them very soon !

So, they seem to take the problem seriously.

Is it possible to completely close your Adobe account ?!


Hope tomorrow will be better !

Thierry
Title: Re: Adobe, Important Customer Security Alert !
Post by: PierreVandevenne on October 16, 2013, 08:09:10 PM
Seems Adobe released info about the attack only because they were forced to

http://www.holdsecurity.com/
Title: Re: Adobe, Important Customer Security Alert !
Post by: daws on October 16, 2013, 11:33:18 PM
From the Hold Security article (http://www.holdsecurity.com/#!news2013/c13i1):

Quote
It appears that the breach of Adobe's data occurred in early August of this year but it is possible that the breach was ongoing earlier.