Now five days later another email is going around recommending that people reset their passwords. The second email was sitting in our mailbox this morning and was something of a surprise. The wording differed from the first email in that it only mentions the loss of user IDs and encrypted passwords. The first email informed us that our credit/debit card information was also likely compromised.
The question now is, has Adobe been hit with another attack or is the original attack much wider than they originally thought. Our thoughts are that the original estimate of 2.9 Million users was low and Adobe is just beginning to understand the full effect of the original breach. It is also very likely that the attackers were Adobe’s systems well before they were discovered. We have seen this pattern more than once in the recent past and it is possible that the same thing happened here.
|October 4th Email||October 9th Email|
Another and much more frightening possibility is that the attackers left other doors to re-access Adobe’s servers at a later date that Adobe has not been able to find yet. This is also another new pattern where the individuals responsible for an attack will make sure they can continue to exploit servers simply by deploying malware that gives them control over the network. One defense contractor was embarrassed like this for over five years by a Chinese hacker group.
It is a sad state of affairs when you are only hoping that a company simply missed that your information was compromised, but then again this is a perfect example of why forcing people into the cloud without proper preparation and security it a bad idea. We will continue to monitor the situation and see if we can get more information out of Adobe on the subject. For now if you have an Adobe Creative Cloud account we highly recommend you change your password and keep a close eye on whatever card you are using to pay for the applications and services.
Tell us what you think in our Forum