Adobe Hacked Oct 2013

Adobe announced its security breach on 3 October 2013. The private, custom email addresses I use for Adobe and Macromedia started receiving Russian spam in January 2013.

My Macromedia-specific email address existed prior to its acquisition by Adobe. The lack of spam on this address suggests Macromedia's and Adobe's systems had been secure until now.

According to whois records the spammer using these stolen email addresses is "Grigory Grogulenko" from Russia, operating the domain "mrdogs dot com" as the click-through link. This is either brazen or stupid; likely both.

Important Password Reset Information
As we announced on October 3, Adobe discovered sophisticated attacks on our network involving the illegal access and removal of a backup database containing Adobe IDs and encrypted passwords. We are writing to let you know that your Adobe ID was in the database taken by the attackers -- but, importantly, your current password was not . As a result, we did not reset your password. We have no reason to believe that your Adobe ID account is at risk or that there has been unauthorized activity on your account. The database taken by the attackers came from a backup system that contained many out-of-date records and was designated to be decommissioned. Adobe’s authentication system of record, which cryptographically hashes and salts customer passwords, was not the source of the database that was taken.
However, if you use your old passwords on any other websites, you should change those passwords. We also recommend that you follow password best practices to help ensure your current password is secure:
• Don’t reuse passwords: Your password should be unique to your Adobe ID account. Don’t reuse a password you have previously used with your Adobe ID or a password you are using on any other website.
• Make sure your password is difficult to guess: Your password should be at least eight (8) characters in length. It should contain a mix of different character sets, such as upper case letters (A-Z), lower case letters (a-z), digits (0-9), and special characters (# $ % & - _ { }). It should not use all or part of your name or your Adobe ID.
We deeply regret any inconvenience this may cause you. We value the trust of our customers and are working aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Care page, which you will find here.

January 11th, 2014 Posted by Jon Jaroker Filed in: Ignorance and Negligence

Be the first to comment. Leave a comment

Your email address will not be published. Required fields are marked *