I do not have CC but have a CS6 Production Suite License and Adobe sent me a message tonight telling me about the problem and that they have reset passwords. You need to create a new one and they suggest that if you used the same ID and password on another site to change that as well. They also suggest monitoring all your accounts as your credit card could also have been compromised.
Adobe makes impressive software but their account systems leave a lot to be desired. I got the message, followed the reset instructions and am stuck in a permanent loop - reset password, go to sign in and get a message that you must reset your password, reset password, go to sign in and get a message.....
If you're worried about clicking on a link in an e-mail (which is a valid concern), simply go to adobe.com and log in to your account. The system will automatically take you through a mandatory password reset and change. It worked fine for me.
>If you're worried about clicking on a link in an e-mail (which is a valid concern), simply go to adobe.com and log in to your account. The system will automatically take you through a mandatory password reset and change. It worked fine for me.
That is what I did when I received the email. I never click links in emails. I always go to the web page. I have discovered a couple of phishing emails by going directly to the website and finding no mention of the problems mentioned in the fake emails.
Shoot nature with respect and don't trample it or startle its inhabitants. :)
>I'm not a CC customer and got the message, so it appears to be everyone.
I am thinking the access to Adobe's customer database was obtained through the CC webservers that were not fully locked down - there must have been a way to jump off from there into their back end production network.
"Extraordinary claims require extraordinary proof " - Carl Sagan
>Not sure why it would more likely to be through the CC servers than the other servers -- they have had customer accounts on their servers for years.
They probably installed new webservers and applications for CC - that could have led to something as basic as an incorrectly configured firewall policy or an admin account that should have been deactivated. Frankly, there are a lot of possibilities under a new service rollout for anything one does on the Internet. For example, I have seen devices come under login attack within minutes after being connected to the Internet due to a single incorrect route in an IP routing table.
"Extraordinary claims require extraordinary proof " - Carl Sagan
Sat 05-Oct-13 12:36 PM | edited Sat 05-Oct-13 12:40 PM by timpsm
No email from Adobe, yet I am a registered CS5 user. Possibly only the newest accounts or newest products have been compromised? I haven't been logged in or in touch with them in three years now.
Maybe David's CC Webserver theory is correct - Adobe may have held only the CS6 and CC account information available to the CC Servers. Older accounts may not have been needed by those servers and so were not there to be stolen . . . pure speculation . . . should finish my coffee first. tim
Sat 05-Oct-13 05:01 PM | edited Sat 05-Oct-13 05:07 PM by dagoldst
>Maybe David's CC Webserver theory is correct - Adobe may have held only the CS6 and CC account information available to the CC Servers.
Actually, nobody that knows what they are doing keeps customer info on a webserver. It is maintained in a database server behind at least 2 firewalls and is passed through the FW with special rulesets to allow Internet facing webservers to make calls to those databases.
The idea is if the webserver gets hacked, the info is not on those servers in what is known as the DMZ (yes, just like you thought, a demilitarized zone). There is an Internet facing firewall <-> Webserver <-> production facing firewall <-> internal network <-> database server/s. The database that was stolen is probably common to both CC and their regular customer accounts but the security hole was on the CC webservers/firewalls.
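An added example, not part of the original post: a small Python check of the two-firewall layout described above. Zone names, ports and both rule sets are constructed for illustration; the code flags rules that fall outside the intended layout and counts how many firewall crossings separate the Internet from the database zone.

```python
from collections import deque

# Constructed rules: (source zone, destination zone, destination port).
INTENDED = [
    ("internet", "dmz", 443),        # Internet-facing firewall: HTTPS to web servers
    ("dmz", "internal", 5432),       # production-facing firewall: web tier to DB port
]
MISCONFIGURED = INTENDED + [
    ("internet", "internal", 5432),  # stray rule that bypasses the DMZ
    ("dmz", "internal", 22),         # admin port left open from the web tier
]

# Allow-list for the layout: which ports may cross which zone boundary.
ALLOWED = {("internet", "dmz"): {443}, ("dmz", "internal"): {5432}}


def audit(rules):
    """Return every rule that is not covered by the allow-list."""
    return [
        (src, dst, port)
        for src, dst, port in rules
        if port not in ALLOWED.get((src, dst), set())
    ]


def hops_to(rules, start, target):
    """Minimum number of firewall crossings from start to target, or None."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, hops = queue.popleft()
        if zone == target:
            return hops
        for src, dst, _port in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, hops + 1))
    return None


if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("misconfigured", MISCONFIGURED)):
        print(name, "findings:", audit(rules),
              "crossings to database zone:", hops_to(rules, "internet", "internal"))
```

With the intended rules the database zone is two crossings away and only reachable through the web tier; a single stray rule reduces that to one.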
I am going into an Adobe rant, like many of you I am part of this hacking mess, I was told by Adobe that it would take up to two weeks for them to supply me with credit card monitoring by Experian (their answer to this mess). I have asked to talk with a representative from the US, that I am able to understand. They say there is no way I can do this, seems kind of strange that I can talk to someone in US when I am purchasing, but not when there is a problem. This is really a poor situation, and not a way to treat their customers when they have a concern. When I asked if Adobe was going to take full responsibility for anything that happens during this two week waiting period, they did not answer. Anyone have any ideas on how to talk with someone with Adobe in US?
Why should Adobe be any different from the U.S. Government? They have caused or allowed the release of my SSN to the general public. At one time sole practitioner tax preparers were required to put their SSN on every tax return they prepared. The U.S. Military used the SSN as a member's serial number. The SSN is used as the Medicare account number.
Adobe is typical of companies that are hacked for the first time. Minimize the problem statements and don't provide any real customer links so you can talk to a real knowledgeable technician.
My questions are: 1) Did I get hacked? 2) What got stolen? 3) When did it get stolen? 4) Who in Adobe can I talk to by name and phone number to confirm the damage? 5) What is Adobe doing to provide me with monitoring services for my credit card? 6) Which Adobe VP lost their job for allowing this incident? 7) Have the bad guys been identified?
My guess is Adobe does not know the answer, or does not want to take responsibility to fix the problem.
If you think this is bad, part of Obamacare calls for all medical records to be digitized and available to medical professionals.
This is not a rant against Obamacare, just a heads-up on what will inevitably become nothing more than a target rich environment for even so-so hackers.
There isn't any need to store customers' sensitive info; business can be conducted virtually, then allowed to "evaporate" into thin air. A new business model needs to be conceived wherein your local hot dog vendor doesn't get to store your credit card info or social security number.
You don't need to store a CC number to bill it. The bank will set up a tag number which only YOU can bill (you the supplier of ...), and then it's the bank that takes care of security. The tag can even span new credit cards etc. I have no idea why companies insist on storing CC numbers, we don't -- just the tag which is a link between the supplier and the client (CC owner).
>You don't need to store a CC number to bill it. The bank will set up a tag number which only YOU can bill (you the supplier of ...), and then it's the bank that takes care of security. The tag can even span new credit cards etc. I have no idea why companies insist on storing CC numbers, we don't -- just the tag which is a link between the supplier and the client (CC owner).
Interesting, but this seems that it's for something like monthly billing?
I was referring to one-time transactions for online purchase after which the vendor thinks it necessary to retain your info. Case in point is Amazon.
The Adobe ID account is more than just an accounting control method. It is used as the login and authorization for the various Adobe forums and special sites, like pre-release.
Further, since many use a limited number of userIDs and passwords, once a person's password for one site has been cracked, it might provide the password for other sites or provide an insight to how an individual creates or generates a password.
Many users like the one click buy and ship convenience.
I got multiple early emails because I tried posting to one of the multiple forums I post to hosted by Adobe. I did some checks and reset my password. This worked for all but 1 Adobe site, but because of DND, Do Not Disclose, I will say no more.
Adobe has posted this message from the start. With a worldwide customer base it can be difficult to send out a large mass of emails and keep the email server working. There is no question Adobe customer service could be better. But their response might not be the best, but it is miles ahead of their customer service on technical software issues or just basic licensing.
I only buy my software from brick and mortar stores because it helps the local economy and my neighbors.