Adobe Hacked, 2.9 Million Customer Accounts Compromised

[ljdonato]

I just received my first spam ostensibly from Adobe asking for me to reset my password. The obvious tip offs were that there was no explanation as to why and a direct link to do the reset. I also don't have an Adobe account at that address. It didn't take spammers long

Sure didn't take long.
As I explained earlier, my email was much different, with all links asking to reset my password going to the real adobe site. Anyway, I dont tend to click directly on email links, so I went to adobe site and was completely surprised that I could enter with my old password, even though the email claimed that it was reset.
I let it rest for a while, and later in the evening went back again and still was able to enter with my old password!

Anyway, just to be sure, I changed my password. But it makes me wonder, if in reality Adobe sent that email (as all headers and links tend to indicate), what kind of security is running there, that even their passwords resets don't work...

 

[Jon-PDX]

I just received my first spam ostensibly from Adobe asking for me to reset my password. The obvious tip offs were that there was no explanation as to why and a direct link to do the reset. I also don't have an Adobe account at that address. It didn't take spammers long

For what it's worth, I got an email like that "after" I had gone to Adobe's site to reset my password. The link in the email "was" to Adobe's site and the email arrived as soon as I had requested the password reset.

The first email I got was the one informing me of the situation and included a link (not clickable) in the form of a web address that I copied and pasted into my browser.

Oh, when I went directly to Adobe's site and tried to login it directed me to a page stating I needed to reset my password. It would not let me login with my original password.

Thankfully the only reason I have an account with them is from when I purchased a boxed version of PSE-9 so the only information they have is my name, email, and password. No CC info or even my mailing address.

I don't even have PSE-9 installed anymore and had forgot about having created the account to register the product.

Jon...

 

[joepunk]

I just received my first spam ostensibly from Adobe asking for me to reset my password. The obvious tip offs were that there was no explanation as to why and a direct link to do the reset. I also don't have an Adobe account at that address. It didn't take spammers long

This is what I got:

Important Password Reset Information
To view this message in a language other than English, please click here.

We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

Adobe Customer Care

Adobe, the Adobe logo and Adobe PDF logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. ©2013 Adobe Systems Incorporated. All rights reserved.

I tried signing in but looks like adobe want's me to change my password. The notice came to the email address associated with my adobe product.
What's great is I don't have any credit card info on their system. Just the ability to download Lightroom.

 

[kylepro88]

Why, because they're somehow unwarranted?

How exactly do you obtain Adobe products today without giving them your CC number? You can't. There is no box to buy (other then old copies of CS6). It's all digital downloads straight through Adobe's decrepit system.

When Adobe switched to CC, they effectively forced anyone who wants or needs to use their software to have a credit card. How does this not suck? In what warped universe are Adobe's actions somehow validated and/or even warranted?

-SC

I wasn't making a judgement one way or another with my post, you're reading into it. The concern over CC is understandable. I was just making a joke about the issue opening the floodgate to more controversy lol. *shrug*

 

[alphaod]

I just signed up like a week before the announcement for the Photoshop Photography plan for $10 a month... and I just realized I have yet to log in probably because where I am, I am unable to physically download any of the Adobe programs without spending a day and half downloading (and most likely timing out and having to restart the process).

 

[finaldiner]

It's started!

The stolen data is now being given away online. I just received my first 2 spam emails to 2 addresses that I only used with Adobe!

Luckily, That's pretty much the only useful data of mine that was on Adobe's database, but if the passwords have been hacked then anyone with more sensitive stuff on there should now be VERY vigilant!