A while ago, I posted an article on why I thought Adobe’s Creative Cloud model was a bad idea. The feedback from our readers was great, with over 300 comments and counting. Most agreed with my stance on why the “renting” model was not for everyone and talked about the risks associated with going to the cloud. Today, Adobe reported that its security was breached and hackers were able to obtain private information including customer names, encrypted credit/debit card numbers, expiration dates and other private data for 2.9 million customers, all part of the Creative Cloud subscription model.
If you have been lured by Adobe to move to its Creative Cloud, now is a good time to re-evaluate your membership status and take serious action. First of all, make sure to change your Creative Cloud password. Although Adobe says that they are resetting passwords and sending notification email to the accounts that were compromised, Adobe could have missed your account (and I would not be surprised if they did). Second, keep a close eye on your credit card / debit card transactions and if you see any unauthorized transactions, change your credit card immediately. In fact, you might want to change your card anyway, to be on the safe side. Third, evaluate the risk of exposing your credit card to such transactions. Personally, I avoid recurring authorizations and only allow such transactions in services I fully trust. If you want to keep your Adobe CC membership, see if you can pay for the plan in advance, say for a whole year. Lastly, there is no guarantee that this kind of breach will not happen again in the future – even Adobe admits that it is the “reality of doing business today” (see the press release below). Keeping customer data secure is a huge responsibility and Adobe should have tightened its data security before rolling out the Creative Cloud to the masses.
This is another proof why Adobe’s decision to move to the cloud is a very premature and bad decision. I am happy with my Photoshop CS6 that I bought when it was on sale and it might be the last version of Photoshop that I purchase from Adobe, if they never release another retail version and stay with the cloud. You can still buy a retail box version of Adobe Photoshop CS6 from various retailers today. I would grab it while it lasts and stay away from any of the “Cloud” updates.
Here is Adobe’s official Press Release:
POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM IN EXECUTIVE PERSPECTIVES
Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:
- As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
- We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
- We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
- We have contacted federal law enforcement and are assisting in their investigation.
We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.
We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.
Chief Security Officer