Creative Cloud Gets Hacked

By Ryan Majeau | Posted in my blog for

Adobe Creative Cloud HackedThat didn’t take long. It was great to wake up to an email this morning from Adobe Customer Care, the subject line “Important Customer Security Alert.” Looks like Adobe got hacked, and I’m not alone—there are 2.9 million others in the same boat.

The email has everything you’d expect to hear from a big name company that’s just suffered an embarrassing incident. They’re sorry, they regret the inconvenience, they value me (or at least my money).

The bad news? It’s not just my Adobe ID and password that may have been stolen. My name, credit card number, its expiration date, plus all of my order details could’ve been too. The silver lining on this cloud? The credit card info was encrypted. But if the hackers could get this info in the first place, should I feel confident they can’t decrypt that too?

Adobe kicked Creative Suite to the curb in May, opting for the $50-per-month subscription plan for Creative Cloud—something apparently “everyone” preferred. I wonder if that would’ve been the case if “everyone” knew that their personal info would be a prime target for hackers.

Adobe pretty much put a “hack me” sign on its back. It was only a matter of time before cyber criminals cashed in on the jackpot of newly subscribed users, all now making monthly payments to their credit cards. This is just the beginning of a new trend in cyber crime taking aim at subscription software services. I’d say the 2.9 million compromised accounts is a good payload, wouldn’t you?

Brad Arkin, Adobe’s Chief Security Officer, tried to soften the blow with a statement saying “Cyber attacks are one of the unfortunate realities of doing business today.” Thanks Brad, I feel much better now.  

Aside from user data, Adobe also had the source code for some of its software stolen too. I’m not shocked that Acrobat was on the list. Corrupted PDFs have been a popular venue for viruses, Trojans and other exploits for years. If you know how the product is built, you can do even more damage. Well played hackers.

Adobe is taking steps to correct this exploit, but advises everyone to keep a close eye on their finances for any sign of identity theft. If you’re a Creative Cloud user, change your password. If you use that password elsewhere, change it there too—and shame on you for using the same password in more than one place.