Adobe Breach Notification, Notifications?

Published: 2013-10-05
Last Updated: 2013-10-05 22:17:41 UTC
by Richard Porter (Version: 3)
9 comment(s)

 'UPDATE:'  We are receiving reports that notifications are being sent out. Thank you to the readers that posted some examples. It seems that the notifications are targeted towards certain services.     It goes without saying but we shall say it  'anyways' , we recommend changing any Adobe passwords. It reminds me of another life as a Submarine Hunter. If you recall the World War II movies well enough you can imagine when the Sub captain says "Send up the oil slick and debris" ... Then the Destroyer Captain "Ah... we got em' look at that!"

Even if I'm  'SURE'  I got it all, I'm never 100% positive and always suspicious. It makes me wonder how bad this will impact (to quote Mr Mike Poor) "The Intertubes" as Flash is EVERYWHERE :)

------ Initial Post ------

A few of us have noticed that there have been no eNotifications from Adobe for account resets or any sort of direct notice. Has any of our readers had 'any' sort of notice/notification or resets sent?

Richard Porter

--- ISC Handler on Duty

--- Twitter @packetalien --- Blog: packetalien.com (opinionated and blunt mixed with hard science)

9 comment(s)

Comments

Hi
I've received a notification from adobe for a reset.
I got one for an account associated with their exportpdf hosted service.
https://www.acrobat.com/exportpdf/en/home.html
Received this from Adobe -


Adobe
Important Password Reset Information
To view this message in a language other than English, please click here.

We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
My story is: that I got the URL of the Breach and notice from a Security Bulletin and it led to Adobe. (keeping the name out for now, but it is reputable; sec bulletin source that is) Then when I went to sign in Adobe came up and requested the password to be reset. It was theirs, but I'm not so sure about the configuration of the reset system they have or it's possible passwords of some have been changed (not sure what they use config wise or what encryption algorithm for the hashed PW) I say this because after the reset a few times, I never got an email from them. I tweeted this awhile ago, but did all the PW reset tries yesterday.
I received this from Adobe:



Read online

Important Customer Security Alert
To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
Adobe, the Adobe logo and Adobe PDF logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners.

©2013 Adobe Systems Incorporated. All rights reserved.
FYI...

- http://www.threattracksecurity.com/it-blog/adobe-data-breach-secure-accounts/
Oct 4, 2013
- http://www.threattracksecurity.com/it-blog/wp-content/uploads/2013/10/adobealert.jpg

.
**Update on my email/reset Password with Adobe issue"
Their reset system has never hit my cloud spam system before, I felt like an idiot finding it there after making a stink. I do have to admit that the spam catching it this time and never before says something.
From what I've seen, our creative cloud users were receiving "Password Reset" emails/breach notifications AFTER they tried logging into the system for the first time since the announcement.
I received the following from "Reader Store" today.
I don't recall having been a customer of theirs:



Dear Reader Store customer:

As you might know, Reader Store utilizes Adobe DRM to protect eBook content sold to our customers. Recently, Adobe has suffered a data breach which may have compromised some of their customer accounts and passwords. Your Reader Store account may have been associated with your Adobe account. As a precaution, we have reset your Reader Store password. Please access the following link to create a new password.

<Link to site in mail.na.readerstore.sony.com >

We also recommend that you update your Adobe password if you have not done so already. Please refer to Adobe's support site for more information about this issue.

Please note that any credit/debit card information you may have provided to Reader Store is not associated with your Adobe account and is not at risk. Should you have any further issues or concerns regarding this matter, please consult our Customer Service team here.

Sincerely,

The Reader Store Team

Diary Archives