Adobe is warning users about a massive breach of its systems that exposed both source code and user account information.

Adobe Chief Security Officer Brad Arkin reported in an Adobe blog post that the company was breached and that attackers gained access to Adobe customer IDs.

"We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates and other information relating to customer orders," Arkin stated. "At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems."


Even though the data was encrypted, Adobe is taking additional measures to protect user information. For one, all of the affected Adobe ID accounts are being reset, with users now required to create new passwords. Banks have also been notified to further mitigate the risk of potentially exposed credit card information.

Going a step further, Arkin noted in his blog post, "Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available."

Source Code Leak

Adobe IDs were not the only thing the attackers might have accessed. Source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and potentially other Adobe products was also stolen in the data breach. Arkin does not have any indication at this point that the source code leak will lead to increased risk for users.

While Adobe is taking many steps to warn and protect users, the reasons behind the breach are not currently known.

"Adobe is doing the right thing by utilizing resources to protect their customers, however some insight as to what the attackers did with the source code and the type of access they had would be intriguing," Tommy Chin, technical support engineer at CORE Security, told eSecurity Planet. "It is a possibility that the attackers wanted to move the attention to the customer data to cover up what was done to the source code if the attackers obtained write access."

Dwayne Menlancon, chief technology officer for security vendor Tripwire, is also concerned about the source code part of the breach.

"This breach is rumored to have been perpetrated by the same attackers that compromised LexisNexis and a number of other organizations, so they likely used the same techniques," Menlancon said. "That means the attackers planted a rogue executable on the targeted systems and used that to create a command and control channel back to the attackers."

Menlancon noted that the Adobe breach helps to underscore the importance of continuously monitoring systems for suspicious changes and verifying any unrecognized programs.

"Maintaining a good baseline of known, trusted and secure system configurations and application binaries is essential in today's environments so you can quickly tell which systems, applications and components you can trust," Menlancon said.
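
As an added illustration of the baseline approach described above (example code written for this page, not taken from Adobe, Tripwire or the original article), the following Python sketch records a hash baseline of a directory tree and then reports modified, missing and unrecognized files, with unrecognized executables listed separately. The function names and the sample directory contents are assumptions constructed for the example.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Map relative path -> (sha256 hex, has-exec-bit) for every regular file under root."""
    snap = {}
    for p in sorted(root.rglob("*")):
        mode = p.lstat().st_mode
        if stat.S_ISREG(mode):  # lstat: symlinks and directories are not hashed
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            snap[p.relative_to(root).as_posix()] = (digest, bool(mode & 0o111))
    return snap


def compare(baseline, current):
    """Classify drift between a trusted baseline and the current snapshot."""
    report = {"modified": [], "unrecognized": [], "unrecognized_executables": []}
    for path, entry in current.items():
        if path not in baseline:
            # Unknown file: executables get their own bucket for first triage.
            key = "unrecognized_executables" if entry[1] else "unrecognized"
            report[key].append(path)
        elif baseline[path] != entry:  # content or exec bit changed
            report["modified"].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    return report


def demo():
    """Constructed sample tree: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"trusted build 1.0")
        (root / "bin" / "helper").write_bytes(b"trusted helper")
        (root / "app.conf").write_text("listen=127.0.0.1\n")
        baseline = snapshot(root)  # in practice, store this off-host, read-only
        (root / "bin" / "app").write_bytes(b"altered build")   # modified binary
        (root / "bin" / "helper").unlink()                      # removed binary
        dropped = root / "bin" / "updater"                      # not in baseline
        dropped.write_bytes(b"unknown program")
        dropped.chmod(0o755)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline, so the stored snapshot should live where the monitored system cannot rewrite it.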

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.