11-14-13 | Blog Post
Although the updated Adobe hack number was last reported at 38 million users, Paul Ducklin of Sopho’s Naked Security blog has reported 150 million breached records have been found in a database dump online. While the passwords are encrypted, plaintext password hints have also been published alongside each record.
However, the database dump doesn’t include any of the 2.9 million encrypted credit and debit cardholder data that was also stolen in breach. Why is this such a serious breach? As I wrote about in Source Code, Encrypted Data Stolen as 2.9 Million Affected in Adobe Breach, according to Holden as reported by ThreatPost.com, a breach of the source code of an end user product allows hackers to write new malware and viruses.
Additionally, the hackers have been reportedly using ColdFusion exploits since January – targeting vulnerabilities in ColdFusion 10, 9.02, 9.0.1 and 9.0 for Windows to bypass authentication schemes and remotely control Web servers running ColdFusion.
Not sure if you’re been affected? LastPass has a handy and secure online tool that allows you enter your email and check if you’ve been affected by this breach. Visit Was My Adobe Account Hacked? to find out.
To combat future exploits, learn more about deploying various technical security software to create a multi-layered, defense in depth solution that can protect your databases, web servers, sensitive data and more.