Adobe Security Breach
Adobe Systems, one of the big computer application and software firms, revealed on
3rd October 2013 that one of the biggest security breaches in its history had occurred. Adobe's
security officer revealed that in the breach, hackers managed to get access to most of the Adobe
software and services, but especially to the Acrobat PDF document-editing software and the
ColdFusion web application. Adobe also revealed that the hackers stole parts of the source code to
Photoshop, its popular picture-editing program. Adobe Systems reported that the data of about 2.9
million customers had been stolen from its website. This includes names and contact details
as well as credit and debit card details. The information could allow programmers
to analyze how Adobe's software works and copy its techniques. Later on, Adobe Systems
reported that the number of users whose data was compromised was not 2.9 million but actually
38 million, which makes it one of the biggest security breaches in history. The diverse customer
base of Adobe was reflected in the database. Analysis found 234,379
military and government email addresses, encrypted passwords and password hints in the
compromised database. Of the 38 million accounts involved in the breach, over 2 million
were related to educational institutions. More than 6,000 accounts were
from defense contractors such as Raytheon, Northrop Grumman, General Dynamics and BAE
Systems. On the federal side, 433 FBI accounts, 82 NSA
accounts and 5,000 NASA accounts were compromised in the breach.

This breach also created panic among other big online companies such as Facebook, which
immediately alerted its customers after the incident. People often use the
same password on two or more websites. Facebook suspected that some of its users had the same
password they were using on the Adobe Systems website. Many other websites did the
same, alerting their users to the security breach.

Adobe's Bad Security Record - Possible reason for the security breach
Over the last five to six years Adobe has faced one problem or another related to cyber security.
This is evidence that the cyber security of Adobe Systems was not good
enough. Their website was always vulnerable and nothing significant was done to stop
that. Adobe Systems clearly needed to improve its cyber security years ago.
2007 - An Adobe Reader bug allowed hackers access to all the files on people's computers.
2008 - More than 1,000 hacked websites infected computers by delivering fake Flash Player updates that posed as CNN news notifications.
2009 - A vulnerability in Reader let hackers open back doors into people's computers.
2010 - Attackers created malicious PDF attachments to hack into several companies, including Adobe, Google and Rackspace.
2011 - A bug gave hackers remote access to people's computers, this time in Flash Player.
2012 - Hackers gained access to Adobe's security verification system by tapping into its internal servers.

Adobe Flash Player and Acrobat Reader, both products of Adobe Systems, stood in
second place among the most vulnerable programs of the Fortune 500 companies in 2009.
Adobe Reader then topped the annual list of vulnerable programs in 2010, and Adobe Flash
Player did the same in 2012. Therefore, the recent security breach of
Adobe Systems should not be a surprise to anyone, although it is one of the biggest breaches in
Adobe's as well as cyber security history. Because of the enormous use of Adobe products, the
company has become a target for an enormous number of bad guys. Adobe's security history
suggests that the organization has to take a long, hard look in the mirror.

Checking whether your account was part of the Adobe security breach and creating a
safe password
Lookout, a security firm, has provided some steps that help in first
checking whether your account was part of the Adobe security breach, and then in creating
and changing passwords as required. The following steps will
help in managing your passwords while dealing with the Adobe security breach:

1. Visit https://lastpass.com/adobe/ to check whether your account was part of the
security breach. Enter your email id, and the tool shows the
result by comparing it with the list of compromised accounts.
2. If you do not remember whether you ever created an account with Adobe,
try to confirm it and reset your password, because many of the compromised
accounts were inactive accounts. This can be done from the following link:
https://www.adobe.com/go/passwordreset
3. Change any passwords that are the same as your Adobe password. Otherwise
there is a higher probability that someone who got your Adobe password in the breach
will easily be able to log in to the other accounts where you have the same password.
4. Setting a password that is unique, complex and not easy to guess is a good way to
deal with such issues. Never using the same password for two or more accounts is also
good practice.

Cause Effect Analysis of Adobe Security Breach
A cause-effect diagram of the Adobe security breach, given by the cyber-focused firm Selil,
explains how the breach was connected to people, process & policy, technology,
processing, transmission and storage, and how it had a significant impact on all of these.

How it happened: Breaking of passwords was easy on Adobe
It came to light that one out of every six passwords was easily breakable because of the way
Adobe used hashing, which mashes up the user's password with a mathematical algorithm. The
company did not apply the level of security required to keep the passwords from being broken easily.
The hashed version of a password, along with the associated email ids, has been searched on the
internet to list the people who are using the same password. There were hundreds of
users who were using the same password. It was found that some accounts had a Social
Security Number (SSN) as their password. There were thousands of instances in which people
wrote a password hint such as "same as Facebook" or "same as bank account". Brian Krebs, an
investigative reporter, said that it seems Adobe did not put much effort into safeguarding their
customers' precious information. He also said that most
organizations, including the larger ones, still rely on older security approaches to protect
their customers' passwords.

What went wrong - probably the 16 characters - Passwords cannot protect us anymore

Adobe did not bring its password protection up to industry standards, and hackers were able to exploit that. In addition, the users' password hints were stored in clear text.
The hints used were really weak and easily exploitable by third parties.
The hints made the discovery of passwords easy not only for the Adobe account but for other websites as well.
Using passphrases or long passwords makes it difficult for hackers to hack an account.
The same password should not be recycled in multiple places, so that the accounts are not hacked.
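
The weakness described above, where identical passwords produce identical stored values and cleartext hints pool across accounts, is shown here next to salted storage. This is an added example, not code from Adobe or from the original essay: the unsalted SHA-256 stands in for any deterministic scheme (the page does not specify Adobe's), and the accounts, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real breach data): email, password, hint.
SAMPLE_ACCOUNTS = [
    ("alice@example.com", "Sunshine2013", "same as facebook"),
    ("bob@example.com", "Sunshine2013", "weather + year"),
    ("carol@example.com", "Sunshine2013", "sunshine then 2013"),
    ("dave@example.com", "x9$Lq!7vTz", ""),
]

PBKDF2_ITERATIONS = 600_000  # assumption: a work factor chosen for this demo


def store_weak(password):
    """Deterministic, unsalted storage: same password -> same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_strong(password, salt=None):
    """Per-account random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_strong(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = store_strong(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_value_groups(rows):
    """Group rows of (email, stored_value, hint) by stored value.

    Returns only the groups with more than one account. Any such group means
    one recovered password (or one careless hint) exposes every member.
    """
    groups = defaultdict(list)
    for email, stored, hint in rows:
        groups[stored].append((email, hint))
    return {value: members for value, members in groups.items() if len(members) > 1}


def audit(accounts):
    """Store the same accounts both ways and report shared stored values."""
    weak_rows = [(email, store_weak(pw), hint) for email, pw, hint in accounts]
    strong_rows = []
    for email, pw, _hint in accounts:
        salt, digest = store_strong(pw)
        # Hardened design: the hint is not stored next to the credential at all.
        strong_rows.append((email, salt + digest, ""))
    return shared_value_groups(weak_rows), shared_value_groups(strong_rows)


if __name__ == "__main__":
    weak, strong = audit(SAMPLE_ACCOUNTS)
    for value, members in weak.items():
        print(f"unsalted value {value[:12]}... shared by {len(members)} accounts")
        for email, hint in members:
            print(f"   {email}: hint={hint!r}")
    print(f"salted storage: {len(strong)} shared values")
```

With unsalted storage the three accounts that share a password collapse into one group, and their hints can be read together; with a per-account salt no two stored values match, so the table no longer reveals who shares a password.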
Adobe Systems tried to notify each individual customer via email about the breach and
recommended that they change their password. However, it is doubtful that all
Adobe users changed their password on the basis of the email notification alone. There are two
possibilities: first, the email might have been filtered as spam, and second, it might have
been disregarded as a phishing message.

Impact: People who were using the same password for other accounts related
to banking, social media, etc. might be at risk. If that happens, it may
lead to anything from fraudulent banking transactions and illegal activities on social media in
someone else's name to damage to your social and personal life.

Steps taken by Adobe Systems after the breach
Brad Arkin is the Chief Security Officer and spokesperson for Adobe Systems. He apologized
on behalf of the organization and made an important customer security announcement.
Cyber-attacks of this kind are the harsh reality of doing business today. He also expressed regret
to customers whose confidential data or credit/debit card information was stolen. Some of
the steps taken by the organization are:

As a precaution, the passwords of all the relevant customers were reset, in order to avoid any further unauthorized access to the accounts of the valuable customers.
Customers whose accounts were involved in the breach will be notified by email with instructions for how to reset the password. Adobe Systems also recommended changing the password of any account that has the same password as the Adobe account, to be on the safer side.
Adobe is also in the process of informing the customers whose debit or credit card information was involved in the breach. Any customer whose card information was involved will receive a notification letter from Adobe with additional steps, beyond the password reset, for protecting the account against misuse of such information. Apart from this, the option of enrolling in a one-year complimentary credit monitoring membership was made available to the customers whose credit or debit card information was involved. This was one of the crucial steps taken by Adobe to regain their customers' trust.
Adobe has also notified the banks that process payments for them, so that they can work with the payment card organizations as well as the banks to protect their customers' accounts.
Adobe Systems has also contacted federal law enforcement and is assisting them in investigating the breach.

Recommendations
The following are some general recommendations in light of the Adobe security breach:

1. Reset your Password
People who have the same password for Adobe and some other accounts are highly
recommended to change their password(s) at the earliest. People who
do not share a password between accounts should also change their Adobe password to be on the safer
side. When changing the password, instead of using the email notification, try resetting it directly
from the website, which is much safer.

2. Using LastPass Tool
An online tool created by a security firm named LastPass makes it easy to check whether your
Adobe account is part of the security breach. You just need to enter your email id,
and within a few seconds you will know whether you are part of the
breach or not.

3. Never reuse your password
Passwords should not be reused, i.e. never use the same password for two or more
accounts for internet services. If you use the same password for two or more
accounts, chances are that if any one of your accounts is compromised, the others may also be
compromised in no time. The best practice is to use a different password for each account.
This is difficult if you have numerous accounts online, but it is the ideal to aim for.

4. Create a Strong Password
Creating a strong password is highly recommended, as it is not easy to guess and is less likely
to be compromised. Always create the strongest password possible within the guidelines of
the individual website. Each website can have its own rules about the passwords it
accepts, so strong passwords need to be created by following those rules.

5. Unique Password Hint
A password hint that is used for the recovery of the password should be unique, so that it
can be understood only by the user. It should not be something like "same as Facebook" or a pet
name, because that kind of password hint makes it easy for hackers to guess the password. In the
case of Adobe as well, many passwords were compromised based on the hint.

6. Passphrases
Passwords should be at least 13 characters long; a phrase can be used as the password instead of
a single word. Using passphrases makes it difficult for hackers to identify the
passwords and hence helps prevent a breach. Also, the longer the password, the more
protected you are from hacking.

References

1. Pagliery Jose, Adobe has an epically abysmal security record, October 8, 2013, http://money.cnn.com/2013/10/08/technology/security/adobe-security
2. Threat to Computer Accounts Due to Adobe Security Breach, Champsupport, November 15, 2013, http://champsupport.wordpress.com/2013/11/15/alert-threat-to-computer-accounts-due-toadobe-security-breach
3. Samuel Liles, 2013 Adobe Data Breach (on going analysis), November 4, 2013, http://selil.com/archives/4938
4. Ken Westin, Adobe Breach compromised 234,379 military and government accounts, November 13, 2013, http://www.tripwire.com/state-of-security/vulnerability-management/adobe-data-breach-compromised-234379-military-government-accounts/
5. Lookout, Security Alert: Adobe Password Breach, November 12, 2013, https://blog.lookout.com/blog/2013/11/12/security-alert-adobe-password-breach
6. Adobe hack: At least 38 million accounts breached, 30 October 2013, http://www.bbc.co.uk/news/technology-24740873
7. Brad Arkin, Chief Security Officer, Important Customer Security Announcement, http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
8. Michael York, Adobe’s security breach and the impact to you, November 21, 2013, http://www.postmanmojo.com/blog/adobes-security-breach-impact
9. Jay Nancarrow, Facebook Warns Users After Adobe Breach, November 13, 2013, http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach
10. Nick Bilton, Adobe Breach Inadvertently Tied to Other Accounts, November 12, 2013, http://bits.blogs.nytimes.com/2013/11/12/adobe-breach-inadvertently-tied-to-otheraccounts

More Related Content

What's hot

What's hot (20)

Botnets 101
Botnets 101Botnets 101
Botnets 101
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & Encryption
 
Cyber fraud a threat to E commerce
Cyber fraud a threat to E commerceCyber fraud a threat to E commerce
Cyber fraud a threat to E commerce
 
THE CYBER WORLD.pptx
THE CYBER WORLD.pptxTHE CYBER WORLD.pptx
THE CYBER WORLD.pptx
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Crime and a Case Study
Cyber Crime and a Case StudyCyber Crime and a Case Study
Cyber Crime and a Case Study
 
Computer Misuse Act
Computer Misuse ActComputer Misuse Act
Computer Misuse Act
 
E commerce in india
E  commerce in indiaE  commerce in india
E commerce in india
 
Phishing
PhishingPhishing
Phishing
 
Cyber security and cyber laws
Cyber security and cyber lawsCyber security and cyber laws
Cyber security and cyber laws
 
Amazon
AmazonAmazon
Amazon
 
Computer crime
 Computer crime Computer crime
Computer crime
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Computer ethics
Computer ethics Computer ethics
Computer ethics
 
E commerce - ppt
E   commerce  - ppt E   commerce  - ppt
E commerce - ppt
 
E commerce banking ppt
E commerce banking pptE commerce banking ppt
E commerce banking ppt
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Internet Security
Internet SecurityInternet Security
Internet Security
 

Similar to Adobe Security Breach

Microsoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveMicrosoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveBenedek Menesi
 
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONS
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONSANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONS
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONSJournal For Research
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication? Sinch
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with  Integrated CASB & IDaaS SecurityStop Hackers with  Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityOneLogin
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
eBay's Big "Whoops": What Others Can Learn From It
eBay's Big "Whoops": What Others Can Learn From IteBay's Big "Whoops": What Others Can Learn From It
eBay's Big "Whoops": What Others Can Learn From ItPerfectCloud Corp.
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenCMR WORLD TECH
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfGroovy Web
 
Comvigo IM Lock WhitePaper
Comvigo IM Lock WhitePaperComvigo IM Lock WhitePaper
Comvigo IM Lock WhitePaperJames Tanner
 
Literature survey on identity management
Literature survey on identity managementLiterature survey on identity management
Literature survey on identity managementVaibhav Sathe
 
How secure is two factor authentication (2 fa)
How secure is two factor authentication (2 fa)How secure is two factor authentication (2 fa)
How secure is two factor authentication (2 fa)Jack Forbes
 
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET-  	  Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET-  	  Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET Journal
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityCloudLock
 
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection:Fighting Domain Name Typosquatting, Website Spoofing...Online Brand Protection:Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...WhoisXML API
 

Similar to Adobe Security Breach (20)

OlgerHoxha_Thesis_Final
OlgerHoxha_Thesis_FinalOlgerHoxha_Thesis_Final
OlgerHoxha_Thesis_Final
 
Microsoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's PerspectiveMicrosoft365 from a Hacker's Perspective
Microsoft365 from a Hacker's Perspective
 
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONS
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONSANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONS
ANDROID APPLICATION FOR PASSWORDLESS LOGIN FOR WEB APPLICATIONS
 
What about Two Factor Authentication?
What about Two Factor Authentication? What about Two Factor Authentication?
What about Two Factor Authentication?
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with  Integrated CASB & IDaaS SecurityStop Hackers with  Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
eBay's Big "Whoops": What Others Can Learn From It
eBay's Big "Whoops": What Others Can Learn From IteBay's Big "Whoops": What Others Can Learn From It
eBay's Big "Whoops": What Others Can Learn From It
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usenProtecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
Protecting Corporete Credentials Against Threats 4 48159 wgw03071_usen
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
 
Security & Compliance for Startups
Security & Compliance for StartupsSecurity & Compliance for Startups
Security & Compliance for Startups
 
Comvigo IM Lock WhitePaper
Comvigo IM Lock WhitePaperComvigo IM Lock WhitePaper
Comvigo IM Lock WhitePaper
 
Literature survey on identity management
Literature survey on identity managementLiterature survey on identity management
Literature survey on identity management
 
How secure is two factor authentication (2 fa)
How secure is two factor authentication (2 fa)How secure is two factor authentication (2 fa)
How secure is two factor authentication (2 fa)
 
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET-  	  Security Enhancements by Achieving Flatness in Honeyword for Web u...IRJET-  	  Security Enhancements by Achieving Flatness in Honeyword for Web u...
IRJET- Security Enhancements by Achieving Flatness in Honeyword for Web u...
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
Internet Security Essay
Internet Security EssayInternet Security Essay
Internet Security Essay
 
NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1NWSLTR_Volume7_Issue1
NWSLTR_Volume7_Issue1
 
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection:Fighting Domain Name Typosquatting, Website Spoofing...Online Brand Protection:Fighting Domain Name Typosquatting, Website Spoofing...
Online Brand Protection: Fighting Domain Name Typosquatting, Website Spoofing...
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 

Adobe Security Breach

  • 1. Adobe Security Breach
    Adobe Systems, one of the big computer application and software firms, revealed on 3rd October 2013 that one of the biggest security breaches in its history had occurred. Adobe's security officer revealed that in the breach, hackers managed to get access to most of Adobe's software and services, but especially to the Acrobat PDF document-editing software and the ColdFusion web application. Adobe also revealed that the hackers stole parts of the source code to Photoshop, its popular picture-editing program. Adobe Systems reported that the data of about 2.9 million customers had been stolen from its website. This includes names and contact details, as well as credit and debit card details. The information could allow programmers to analyze how Adobe's software works and copy its techniques. Later on, Adobe Systems reported that the number of users whose data was compromised is not 2.9 million but actually 38 million, which makes it one of the biggest security breaches in history.
    The diverse customer base of Adobe was reflected in the database. Analysis found 234,379 military and government email addresses, encrypted passwords and password hints in the compromised database. Of the 38 million accounts involved in the breach, over 2 million were related to educational institutions, and more than 6,000 were from defense contractors such as Raytheon, Northrop Grumman, General Dynamics and BAE Systems. On the federal side, 433 FBI accounts, 82 NSA accounts and 5,000 NASA accounts were compromised in the breach.
    This breach also created panic among other big online companies like Facebook, which immediately alerted its customers after the incident. People usually have the habit of using the same password on two or more websites. Facebook suspected that its users might have the same password that they were using on the Adobe Systems website. Many other websites did the same by alerting their users to the security breach.
    Adobe's Bad Security Record: Possible Reason for the Security Breach
    In the last five to six years Adobe has faced one problem or another related to cyber security. This is evidence that the cyber security of Adobe Systems was not good enough. Their website was always vulnerable and nothing significant was done to stop that. Adobe Systems needed to improve its cyber security years ago.
  • 2. 2007 - An Adobe Reader bug allowed hackers access to all the files on people's computers.
    2008 - More than 1,000 hacked websites infected computers by delivering fake Flash Player updates that posed as CNN news notifications.
    2009 - A vulnerability in Reader let hackers open back doors into people's computers.
    2010 - Attackers created malicious PDF attachments to hack into several companies, including Adobe, Google and Rackspace.
    2011 - A bug gave hackers remote access to people's computers, this time in Flash Player.
    2012 - Hackers gained access to Adobe's security verification system by tapping into its internal servers.
    Adobe Flash Player and Acrobat Reader, both products of Adobe Systems, stood in second place among the most vulnerable programs of the Fortune 500 companies in 2009. Adobe Reader then topped the annual list of vulnerable programs in 2010, and Adobe Flash Player did the same in 2012. Therefore, the recent security breach at Adobe Systems should not be a surprise to anyone, although it is one of the biggest breaches in Adobe's history as well as in cyber security history. Because Adobe products are so widely used, the company has become a target for an enormous number of bad guys. Adobe's security history suggests that the organization has to take a long, hard look in the mirror.
    Checking whether your account was a part of the Adobe security breach and creating a safe password
    Lookout is a security firm which has provided some steps that may help in first checking whether your account was part of the Adobe security breach, and in creating and changing passwords as required. The following steps will help in managing your passwords while dealing with the Adobe security breach:
    1. The first step is to visit https://lastpass.com/adobe/ to check whether your account was part of the security breach. This is done by entering your email ID, after which the tool shows the result of comparing it with the list of compromised accounts.
  • 3. 2. In case you don't remember whether you have created an account with Adobe, try to confirm it and reset your password, because many of the compromised accounts were inactive accounts as well. This can be done from the following link: https://www.adobe.com/go/passwordreset
    3. Change any passwords that you have kept the same as your Adobe account password. Otherwise there is a higher probability that if someone has obtained your Adobe password in the breach, they will easily be able to log in to the other accounts where you use the same password.
    4. Setting a password which is not easy to guess, and which is unique and complex, is a good way to deal with such issues. Never using the same password for two or more accounts is also a good practice for staying safe.
    Cause Effect Analysis of Adobe Security Breach
  • 4. A cause-effect diagram of the Adobe security breach, given by the cyber-focused firm Selil, explains how the breach was connected to people, process and policy, technology, processing, transmission and storage, and how it had a significant impact on all of these.
    How it happened: Breaking of passwords was easy on Adobe
    It came to light that one out of every six passwords was easily breakable because of the way Adobe used hashing, which mashes up the user's password with a mathematical algorithm. The company did not apply the level of security required to keep the passwords from being broken easily. The hashed version of a password, along with the associated email ID, was searched on the internet to find the list of people using the same password. There were hundreds of users who were using the same password. It was found that some accounts had a Social Security Number (SSN) as their password. There were thousands of instances in which people wrote a password hint such as "same as Facebook" or "same as bank account". Brian Krebs, an investigative reporter, said that it seems Adobe did not put much effort into protecting their customers' precious information. He also said that most organizations, including the larger ones, are still relying on older ways of security to protect the passwords of their customers.
    What went wrong - probably the 16 characters - passwords cannot protect us anymore
    Adobe did not bring their password protection up to industry standards, and hackers were able to exploit that. Also, alongside the stored passwords, the users' password hints were in clear text. The hints used were really weak and easily exploitable by third parties. Hints made the discovery of passwords easy not only for the Adobe account but for other websites as well. Using passphrases or long passwords makes it difficult for hackers to hack an account. To avoid having accounts hacked, the same password should not be recycled in multiple places.
  • 5. Adobe Systems tried to notify each individual customer via email about the breach and recommended that they change their password. However, it is doubtful that all Adobe users changed their password on the strength of the email notification alone. There are two possibilities: first, the email might have been filtered as spam, and second, it might have been disregarded as a phishing message.
    Impact: People who use the same password for other accounts related to banking, social media, etc. might be at risk. If that happens, it may lead to fraudulent banking transactions, illegal activities on social media in someone else's name, or damage to your social and personal life.
    Steps taken by Adobe Systems after the breach
    Brad Arkin is the Chief Security Officer and spokesperson for Adobe Systems. He apologized on behalf of the organization and made an important customer security announcement. These kinds of cyber-attacks are the harsh reality of doing business today. He also expressed regret to customers whose confidential data or credit/debit card information was stolen. Some of the steps taken by the organization are:
    As a precaution, the passwords of all the relevant customers have been reset, in order to avoid any further unauthorized access to customers' accounts.
    Customers whose accounts were involved in the breach will be notified by email with instructions for how to reset the password.
    Adobe Systems also recommended changing the password of any account that has the same password as the Adobe account, to be on the safer side.
    Adobe is also in the process of informing the customers whose debit or credit card information was involved in the breach. If such information is involved for any
  • 6. customer, they will receive a notification letter from Adobe with additional steps, beyond the password reset, for protecting the account against misuse of such information.
    Apart from this, a complimentary one-year credit monitoring membership was made available to the customers whose credit or debit card information was involved. This was one of the crucial steps taken by Adobe to regain their customers' trust.
    Adobe has also notified the banks that process payments for them, so that it can work with the payment card organizations as well as the banks to protect their customers' accounts.
    Adobe Systems has also contacted federal law enforcement and is assisting them in investigating the breach.
    Recommendations
    The following are some general recommendations for the Adobe security breach:
    1. Reset your Password
    People who have the same password for Adobe and some other accounts are highly recommended to change their password(s) at the earliest. People who don't share a password between accounts should also change their Adobe password to be on the safer side. When changing the password, instead of using the email notification, try resetting it directly from the website, which is much safer.
    2. Using LastPass Tool
    An online tool created by a security firm named LastPass has made it easy to check whether your Adobe account is part of the security breach. You just need to enter your email ID,
  • 7. through which you will know within a few seconds whether you are part of the breach.
    3. Never reuse your password
    Password reuse should not be practiced, i.e. never use the same password for two or more accounts on internet services. If you use the same password for two or more accounts and any one of them is compromised, the others may also be compromised in no time. The best practice is to use a different password for each account. It is difficult to do so if you have numerous accounts online, but it is the ideal.
    4. Create a Strong Password
    Creating a strong password is highly recommended, as it is not easy to guess and probably will not be compromised easily. Always create the strongest password possible within the guidelines of the individual website. Each website can have its own rules for accepting passwords, so strong passwords need to be created by following those rules.
    5. Unique Password Hint
    The password hint used for password recovery should be unique so that it can be understood only by the user. It should not be something like "same as Facebook" or a pet name, because such a password hint makes it easy for hackers to guess the password. In the case of Adobe as well, many of the passwords were compromised based on the hint.
    6. Passphrases
    Passwords should be at least 13 characters long; phrases can be used instead of single words. Using passphrases makes it difficult for hackers to identify the passwords, and hence the breach will not happen. Also, the longer the password, the more protected you are from hacking.
  • 8. References
    1. Pagliery Jose, Adobe has an epically abysmal security record, October 8, 2013, http://money.cnn.com/2013/10/08/technology/security/adobe-security
    2. Threat to Computer Accounts Due to Adobe Security Breach, Champsupport, November 15, 2013, http://champsupport.wordpress.com/2013/11/15/alert-threat-to-computer-accounts-due-toadobe-security-breach
    3. Samuel Liles, 2013 Adobe Data Breach (on going analysis), November 4, 2013, http://selil.com/archives/4938
    4. Ken Westin, Adobe Breach compromised 234,379 military and government accounts, November 13, 2013, http://www.tripwire.com/state-of-security/vulnerability-management/adobe-data-breach-compromised-234379-military-government-accounts/
    5. Lookout, Security Alert: Adobe Password Breach, November 12, 2013, https://blog.lookout.com/blog/2013/11/12/security-alert-adobe-password-breach
    6. Adobe hack: At least 38 million accounts breached, October 30, 2013, http://www.bbc.co.uk/news/technology-24740873
    7. Brad Arkin, Chief Security Officer, Important Customer Security Announcement, http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
    8. Michael York, Adobe's security breach and the impact to you, November 21, 2013, http://www.postmanmojo.com/blog/adobes-security-breach-impact
    9. Jay Nancarrow, Facebook Warns Users After Adobe Breach, November 13, 2013, http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach
    10. Nick Bilton, Adobe Breach Inadvertently Tied to Other Accounts, November 12, 2013, http://bits.blogs.nytimes.com/2013/11/12/adobe-breach-inadvertently-tied-to-otheraccounts
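The weakness described under "How it happened" (identical passwords producing identical stored values, kept next to clear-text hints) is shown here as an added example that is not part of the original report: a defender-side audit of a credential table, followed by salted, slow-KDF storage that removes the problem. The account rows, the function names and the use of unsalted SHA-256 as the deterministic scheme are assumptions; the report does not name Adobe's algorithm.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample rows (email, password, hint); not real breach data.
ACCOUNTS = [
    ("a@example.com", "sunshine1", "same as facebook"),
    ("b@example.com", "sunshine1", "weather + 1"),
    ("c@example.com", "sunshine1", "sun shine one"),
    ("d@example.com", "T7#qv-Lm2!xz", "none"),
]
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

def weak_record(password):
    """Deterministic, unsalted storage: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_record(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_record(password, salt)[1], key)

def shared_value_clusters(rows):
    """Audit: group accounts by stored value; any group with more than one
    member exposes password reuse and pools every member's hint."""
    groups = defaultdict(list)
    for email, stored, hint in rows:
        groups[stored].append((email, hint))
    return {value: members for value, members in groups.items() if len(members) > 1}

def audit_weak():
    return shared_value_clusters([(e, weak_record(p), h) for e, p, h in ACCOUNTS])

def audit_strong():
    # Hardened schema: salted key only, and no hint column at all.
    return shared_value_clusters([(e, strong_record(p)[1], None) for e, p, _ in ACCOUNTS])

if __name__ == "__main__":
    for value, members in audit_weak().items():
        print("shared stored value", value[:12], "->", members)
    print("clusters with salted storage:", audit_strong())
```

Running the same audit against a production table is a quick way to confirm that no two accounts share a stored credential value.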