WK9 Cybersecurity Blog Post

Adobe Creative Cloud has experienced several breeches in security, but one of the more dangerous ones I found took place in October of 2013, when they reported that 3 million credit card records were stolen. The hack was originally discovered by security blogger Brian Krebs, who alerted Adobe with the information. Later, it was discovered that an additional 150 million accounts were hacked, although this is an estimation, as many of these accounts were not active. Even so after weeks of investigations, it was difficult for KrebsOnSecurity to pinpoint which ones had actually been affected. Among the information stolen was user information, including both IDs, passwords, and credit/debit card information. Also, source code for Adobe Acrobat and Reader, as well as its ColdFusion Web application platform, and what appeared to be Photoshop was also found in the investigation. Adobe quickly contacted customers to inform them of the hack, and to alert them to change their passwords. Adobe also reset many customer’s passwords themselves, even when they weren’t sure which customers were affected. Information on the hacker, or hackers is scarce. In August 2015, Adobe agreed to pay for being in violation of the Customer Records Act and unfair business practices, and in November of 2016, they paid an estimated $1 million. One of Adobe’s biggest mistakes was that prior to the hack, they had continued to use internal network locations with security that wasn’t maintained and updated along with the rest of their website. They stored customer records in insecure networks, and this left them open to an attack.

It is incredibly important for every business, regardless of size, to design an efficient security system that includes both cyber security and careful employee practices. The smallest mistake, no matter how well meaning, can have disastrous consequences, as we have seen. A single piece of mislaid client or company information can fall into the wrong hands, or a suspicious email could open the entire company server and leave it vulnerable in the wrong hands. Data breaches occur due to both accidents or carelessness, and to malicious intendent. Regardless of how they happen, there are ways to avoid them. It’s always important to continue educating employees on security practices; these will help them at work, and at home when managing their own private information. Adobe’s experience illustrates just how important it is to stay on top of company wide security, and this includes cyber security.

 

Taken from: https://krebsonsecurity.com/2016/11/adobe-fined-1m-in-multistate-suit-over-2013-breach-no-jail-for-spamhaus-attacker/