Adobe Credit Card Details Compromised But Adobe OZ Remains Silent
Neither has the company issued an alert to their Australian Creative Cloud customers after the Company discovered that intruders had stolen the encrypted credit card details of 2.9m customers and the source code behind programs including one that opens PDFs.
Calls to Adobe and their PR advisors have not been answered. The company which has a monopoly in the graphic design tools market is refusing to say if Australian customers are affected or how if so how many subscribers are affected.
This is not the first time that the company has tried to use silence to defend its actions.
Recently the US company refused to comment about the pricing of its products in Australia and it was not until a Senate Committee investigating Adobe price gouging, moved to issue a Subpoena that the local subsidiary chose to comment.
In Australia it has been cheaper to fly to the United States and back to buy some of Adobe’s software there than it is to buy it in Australia.
Adobe’s global chief executive Shantanu Narayen, who was forced to defend why his company charges Australians $1800 more for some of its software when he was in Australia has also refused to comment about Adobe’s Australian pricing.
Now experts are saying that the hacking of source code used by Adobe has raised fears of a wave of global attacks targeting personal and financial data held on devices from PCs to smartphones.
In what could be the worst infiltration of its kind in almost 10 years, Adobe has chosen to remain silent.
Experts claim that armed with the code, criminals could spot vulnerabilities in the software and manipulate them to hack users’ machines, harvesting personal information and intellectual property that can be sold on the black market.
Alex Holden, of Hold Security, who alongside security journalist Brian Krebs helped uncover the crime, warned it could unleash a new generation of attacks.
“This is big news. If their source code is compromised, everyone is affected,” he said.
Hackers work “in the dark”, painstakingly trying hundreds of possibilities to find vulnerabilities, but they will now be able to “discover countless ways to exploit the source code”.
The attack was the worst breach of source code security since Microsoft had program code stolen in 2004, he added.
Adobe and US federal authorities are investigating the hack, which is thought to have come from inside the USA.
Adobe’s silence on the issue has stunned communicators as hackers penetrated the Adobe web sites back in late July and in mid-August.
Google which has moved Adobe emails to their new spam blocking services has created further problems as legitimate password-reset emails are being blocked following the recent security breach.
A mass email sent on Saturday 5th October following Thursday’s announcement that Adobe had been hacked, with source code for many Adobe programs has been flagged as spam.
It is not clear why the email has been wrongly flagged by Gmail but it’s possible that the use of identical text for all the emails didn’t help Adobe’s cause. Embedding some unique customer information into the email may have prevented this from happening.