On October 4th, 2013 Adobe Systems Incorporated issued a critical Security Advisory to their customer base alerting users that hackers gained access to Adobe’s databases and harvested nearly 3 million Adobe IDs, encrypted passwords, encrypted credit or debit card numbers, as well as expiration dates of those cards.
In addition, the hackers also gained access to the source code for several of Adobe’s most popular applications and plugins including Adobe Acrobat and ColdFusion. The leak of such critical source code used by millions of computers the world over raises security concerns for the machines upon which Adobe’s applications are installed.
What Do I Need to Do?
1) If your account was affected, Adobe has already reset your password and sent you an email asking you to change your password.
To change your password Adobe provides the following link:
www.adobe.com/go/passwordreset
However, I would strongly recommend that anyone with an Adobe ID change their password and/or security questions immediately.
2) If you believe that you’ve used the same password and/or userid on other, non-Adobe, websites, make sure you change your password on those other websites immediately.
3) Finally, if you’ve purchased software directly from Adobe, keep a close eye on your credit card or bank statement for illegal activity.
Will This Happen Again?
Very likely.
But next time it may be Amazon, Microsoft, Apple, or some other high-profile target instead.
That’s why it’s critically important to help protect yourself by following safe password practices including:
- Always create a unique, strong, password for every site that requires one. Strong passwords consist of at minimum 8 characters, upper and lower case letters, numbers, and symbols such as #, $, *, or &.
- Never use dictionary words, names, addresses, or any other information identifiable to you within your password.
- Never use real answers when filling out Security Question and Answer requirements on websites. (e.g. Don’t give your mother’s real maiden name when asked for it).
- User a password management application to store your usernames, passwords and other notes required to gain access to the websites you visit.
- Finally, be extremely wary of any password change requests you receive via email. If you’re in doubt, visit their website by typing the company’s address into your browser directly or contact the vendor via phone to ask if the request is legitimate.
For more information on the attack on Adobe’s servers, please visit their Customer Security Alert page here:
http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html