IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
38m Adobe users unaware of major data breach
Thu, 28th Nov 2013
FYI, this story is more than a year old

Ten weeks after admitting 38 million users have been affected by a massive cyber security attack, software giant Adobe has revealed it is taking longer than expected to warn customers of the risks.

After initially reporting the breach on September 17, the company has since failed to notify those affected, increasing the risk of cyber-scams and identify theft.

With a huge stash of stolen Adobe data circulating the Internert, company spokeswoman Heather Edell was at a loss to explain the situation, simply stating: "Email notifications are taking longer than we anticipated."

After previously claiming only three million customer accounts had credit card information stolen, Adobe admitted the figure was ten times worse on October 31, with the company's Chief Security Officer Brad Arkin telling users:

"We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”

So far however, little has changed, with a host of security firms within the industry heavily criticising Adobe for the error.

"This is a pretty massive screw-up," said Chester Wisniewski, a senior security advisor at anti-virus software maker Sophos.

"Anybody can go and download the list. It's not a secret."

Social media giant Facebook has also taken action, strongly advising certain users to change their passwords, to minimise the risk.

"Recently, there was a security incident on another website unrelated to Facebook," the warning states.

"Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places.

"To secure your account, you'll need to answer a few questions and change your password.

"For your protected, no one can see you on Facebook until you finish."

Echoing the company's notification, Facebook spokesman Jay Nancarrow told the press: "We actively look for situations where the accounts of people who use Facebook could be at risk, even if the threat is external to our service.

"When we find these situations, we present messages to people to help them secure their accounts."

As reported on TechDay.com, following the breach, Adobe told users to take the following steps to stop the attack:

“As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts,” Arkin said at the time.

“If your user ID and password were involved, you will receive an email notification from us with information on how to change your password.

“We also recommend that you change your passwords on any website where you may have used the same user ID and password.

If you would like additional information, please refer to Adobe’s Customer Support page by clicking here

Have you been breached?