Software company Adobe just disclosed a significant security breach of its systems in which it said customer user names, passwords and credit card numbers may be affected. “We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” Adobe chief security officer Brad Arkin said in a corporate blog post.Of particular note for those who don't have personal accounts at Adobe:
The attackers apparently made off with source code for several Adobe products, Arkin wrote. In a separate post on that incident, the company said it is not yet aware of any “specific increased risk to customers.”There was more analysis of this today:
Security experts said this is serious business. “This is a source code breach not just a data breach,” said Dan Hubbard, CTO of web security vendor OpenDNS. “Having source code is a huge advantage because they can more easily hunt for and find weaknesses in the code. Before they’d have to run lots of black-box testing to do that.”And there's a long discussion thread at Reddit.
Another security specialist who could not speak on the record because he works with many of these vendors, agreed. “The issue here is that these guys will be able to find vulnerabilities and develop custom malware and use it privately before it ever goes public,” he said.
ELI5. How does this (potentially) affect those of us who have Adobe products (flash etc) on our computers but don't have accounts with the vendor. Are we at risk for having the security of our home computers compromised?