Adobe Security Breach
Adobe Systems is one of the big computer application and software firm has recently revealed on
3rd October 2013 that one of the biggest security breach has occurred in their history. Adobe
security officer revealed that in the breach, hackers manage to get access to most of the Adobe
software and servicesbut especially to Acrobat PDF document-editing software and ColdFusion
web application. Adobe has also revealed that the hackers stole parts of the source code to
Photoshop, its popular picture-editing program. Adobe Systems have reported that about 2.9
million customer’sdata has been stolen from their website. This includes names contact and
details also their credit and debit cards details as well. The information could allow programmers
to analyze how Adobe's software works and copy its techniques. Later on, Adobe Systems
reported that the no. of users whose data is being compromised is not 2.9 million but it’s actually
38 million which one of the biggest security breach in the history.The diverse customer base of
Adobe was being reflected in the database. In the analysis it was found that there were 234,379
military and government email addresses, encrypted passwords and password hints in the
compromised database.In total of the 38 million accounts involved in the breach over 2 million
accounts were related to educational intuitions. Out of which more than 6,000 accounts were
from defense contractors such as Raytheon, Northrup Gruman, General Dynamics and BAE
Systems we also found. Also, from the federal side, there were 433 FBI accounts, 82 NSA
accounts and 5,000 NASA accounts were compromised in the breach.
This breach has also created panic among other big online based companies like Facebook; who
immediately alerted their customers after this incident. People usually have the habit of having
same password in two or more websites. Facebook doubted that their users may have the same
password which they were using on the Adobe Systems website. Many other websites did the
same by alert their users of the security breach.
Adobe Bad Security Record- Possible reason for the security breach
In the last five to six years Adobe has faced some or the other problem related to cyber security.
This is an evidence of the fact that the cyber security of the Adobe Systems was not good
enough. Their website was always vulnerable and nothing big was really done by them to stop
that. Certainly Adobe Systems needed the improvement in their cyber security years ago itself.
2007- Adobe Reader bug allowed hackers access to all the files on people's computers.
2008- More than 1,000 hacked websites infected computers by delivering fake Flash
Player updates that posed as CNN news notifications.
2009 - Vulnerability in Reader let hackers open back doors into people's computers.
2010- Attackers created malicious PDF attachments to hack into several companies,
including Adobe, Google and Rackspace.
2011-Bug gave hackers remote access to people's computers -- this time in Flash Player.
2012 -Hackers gained access to Adobe's security verification system by tapping into its
Adobe Flash Player and Acrobat Reader both which are the product of Adobe systems stood in
the second place in one of the most vulnerable programs of the fortune 500 companies in 2009.
After which Adobe Reader topped in the annual list of vulnerable programs in 2010. In the
similar way Adobe Flash Player in the year 2012. Therefore, the recent security breach of the
Adobe Systems should not a surprisefor everyone. Although, it one of the biggest breach in
Adobe as well as cyber security history.Because of the enormous use of the Adobe products it
has become a target for enormous bad guys. Adobe security history suggests that the
organization has to take a long, hard look in the mirror.
Checking whether your account was a part of Adobe security breach or not and creating a
Lookout is a security firmwhich has provided some of the steps which might be helpful in first
checking whether your account was a part of Adobe security breach or not. Also, the creation
and changing of the password as per the requirement. Following are some of steps which will
help in managing your password while dealing with the Adobe security breach:-
1. First step is to visit https://lastpass.com/adobe/ to check whether your account was a part of
security breach or not. This can be done just by entering your email id after which it shows the
result by comparing with the compromised accounts list.
2. In case you don’t remember that whether you have created any account with Adobe or not.
You try to confirm it and reset your password because many of the accounts which were being
compromised were inactive accounts as well. This can be done from the following link
3. Change the passwords which you have kept same as the Adobe account if any. Otherwise
there is a higher probability that if someone has got your Adobe password in the breach; they
will easily able to log in the other accounts where you have same password.
4. Setting a password which not easy to guess and which is unique and complex is a good way to
deal with such issues. Never use the same password for two or more account is also one of the
good practice to be safe.
Cause Effect Analysis of Adobe Security Breach
Cause effect diagram of the Adobe security breach is given by a cyber-stuff based firm Selil has
explained that how the breach was connected to People, process & policy, technology,
processing, transmission and storage & certainly how it has significant impact on all these.
How it happened: Breaking of passwords was easy on Adobe
It came in light that one out of every six passwords were easily breakable because of the usage of
hashing by Adobe which led to mashing up the user with the mathematical algorithm. The
company did not apply the level of security required for the passwords not to be broken easily.
Hashed version of the password along with the associated email id has been searched on the
internet to check the list of the people who are using the same password. There were hundreds of
users who were using the same password. It has been found that some of the account has Social
Security Number (SSN) as their password. There were thousands of instances in which people
wrote a hint for password as same as Facebook or same as bank account. Brian Krebs, an
investigating reporter said that it seems Adobe did not put much of the efforts to save their
customers precious information. He also said that the approaches used in the most of the
organizations including the larger ones are still relying on the older ways of security to protect
the password of their customers.
What went wrong- probably the 16 characters-Passwords cannot protect us anymore
Adobe did not match their password protection up to industry standards because of which
hackers were able to exploit that. Also in case of the stored passwords; the users’
password hints were in clear text.
Hints used were really weak and easily exploitable by the third parties
Hints made the discovery of passwords easy not only for the Adobe account but for the
others websites as well.
Usage of Paraphrases or long passwords makes it difficult for the hackers to hack.
Recycling of the same passwords for multiple places should not be practice for avoiding
the hacking of the accounts.
Adobe Systems tries to notify each of his individual customer via email about the same and
recommended them to change their password. However, it is still under doubt that all of the
Adobe users might have changed their password just by the email notification. There are two
probabilities- first it might have been filtered as spam mail and the second being it might have
been disregarded as a phishing message.
Impact: People who were using same password which they are using for other accounts related
to banking, social media, etc. they might be at risk. If things like that happens then it may be
lead to anything like fraud banking transactions, illegal activities through social media on the
name of someone else or may be damaging your social and personal life.
Steps taken by Adobe Systems after the breach
Brad Arkin is the Chief Security officer and spoke person for Adobe Systems. He has apologized
from the organization side for the same and made an important customer security announcement.
These kind of cyber-attacks are the harsh reality of the in today business. He also express regret
for customers whose confidential data or credit/ debit card information has been stolen. Some of
the steps taken by the organization are:-
First thing was as a precaution passwords of all the relevant customers has been reset, in
order to avoid any further unauthorized access to the accounts of the valuable customers.
The customer’s whose account was involved in the breach will be notified by the email
with the instructions for how to reset the password. It was also recommended by Adobe
systems to change the password of any account which has the same password as of
Adobe account to be on the safer side.
Adobe is also in a process to inform the customers whose debit or credit card information
was being involved in the breach. If such an information is being involved for any
customer then, then they will receive a notification letter from Adobe with the additional
steps other than the password reset for protecting the account against misuse of such kind
of information. Apart of this, a special service option of enrolling into one year
complimentary credit monitoring membership was made available for the customers
whose credit or debit card information was involved. This was one of the crucial steps
taken by Adobe to regain their customer trust.
Adobe has also notified the banks who process the payments for them. Therefore, they
can work with the payment card organization as well the banks to protect their customers’
Adobe systems have also contacted federal law enforcement and they are assisting in
them in investigating the same.
Following are some of the general recommendations for the Adobe security breach:-
1. Reset your Password
For the people who have same password for Adobe and some other accounts; it is highly
recommended that they should change their password(s) at the earliest. For the other people who
doesn’t have similar password; they should also change their Adobe password to be on the safer
side. For changing the password instead of using the email notification try resetting it directly
from the website which is much safer.
2. Using LastPass Tool
Online tool created by a security firm named LastPass has made it easy to check whether your
Adobe account is a part of the security breach or not. You just need to enter your email id
through which you may come to know within few seconds that whether you are a part of the
breach or not.
3. Never reuse your password
Reuse of the password should not be practiced i.e. never use same password for the two or more
accounts for the internet services. Because if you use the same password for two or more
accounts chances are that if any one of your account is comprised that the other may also be
compromised in no time. The best practice is to use different password for different accounts.
Although it’s difficult to do so if you have numerous accounts online but should be ideal to do it.
4. Create a Strong Password
Creation of strong password is highly recommended as it’s not easy to guess and probably may
not be compromised easily. Always create the strongest password possible as per the guideline of
the individual websites. As each website can have certain protocol in terms of accepting of the
passwords; so by following those protocols strong passwords needs to created.
5. Unique Password Hint
Password hint which is being used for the recovery of the password should be unique so that it
can be understood only by the user. It should not be like same as Facebook, pet name etc.
because such kind of password hint makes it easy for the hackers to guess the password. In case
of Adobe as well many of the passwords are being compromised based on the hint.
6. Password Paraphrasing
Passwords should at least 13 characters long; phrasing of passwords can be done instead of usage
of words. Paraphrasing usage of passwords making it difficult for hackers to identify the
passwords and hence the breach will not happen. Also, the longer password, much more
protected you are from hacking.
1. Pagliery Jose, Adobe has an epically abysmal security record, October 8, 2013,
2. Threat to Computer Accounts Due to Adobe Security Breach, Champsupport, November 15,
3. Samuel Liles, 2013 Adobe Data Breach (on going analysis), November 4, 2013,
4. Ken Westin, Adobe Breach compromised 234,379 military and government accounts, Nov
7. Brad Arkin, Chief Security Officer,Important Customer Security Announcement,
10.Nick Bilton,Adobe Breach Inadvertently Tied to Other Accounts, November 12,