This comment posted earlier today on the Naked Security blog post about Adobe's massive breach is potentially worrying:
"Turns out the encrypted credit card data might be using similar encryption. My card that is on file with Adobe was just used to pay for a flight with Qatar Airlines. I wonder where I am going?"
Of course there are explanations other than someone has used compromised information stolen from Adobe and doesn't flying on an airline tell the authorities where someone will be at a given time and date?
IMPORTANT: Adobe Hacked
-
Mike Farley
- Posts: 7316
- Joined: Tue 11 Sep 2012, 16:38
- Contact:
-
Mike Farley
- Posts: 7316
- Joined: Tue 11 Sep 2012, 16:38
- Contact:
Re: IMPORTANT: Adobe Hacked
I have just received today a letter from Adobe informing me that the third party who hacked them "used our systems to decrypt some card numbers". The letter was dated 23 October and posted from the States. It is the first time I have had advice from Adobe that such vital unencrypted data was taken. Given the potential consequences, I am surprised that the company chose to inform me by sending a letter via international post.
-
Mike Farley
- Posts: 7316
- Joined: Tue 11 Sep 2012, 16:38
- Contact:
Re: IMPORTANT: Adobe Hacked
Further to my earlier post, I phoned Adobe and spoke to someone who informed that my credit card details were among those compromised. I am not sure when they were planning to inform me of this, but I get the feeling that they are simply overwhelmed given that several million customers are involved. It required an extremely long wait to get through to them on the phone. As a result, I have now had to cancel my credit card and get a new one issued, which will take some time. Thanks, Adobe.
I did try to get some information about the measures the company has put in place to prevent a recurrence, but no one I spoke to had been made aware of the technical details. One thing I did learn was that Adobe's payment systems were not PCI compliant before the hack, which is a massive omission especially from an organisation of that size and status. Adobe is still making changes, which understandably will take time, and expects to make a statement about the measures it has taken in the next couple of months.
In the meantime, I am assured that any new information I provide to the company is completely safe with them ............
I did try to get some information about the measures the company has put in place to prevent a recurrence, but no one I spoke to had been made aware of the technical details. One thing I did learn was that Adobe's payment systems were not PCI compliant before the hack, which is a massive omission especially from an organisation of that size and status. Adobe is still making changes, which understandably will take time, and expects to make a statement about the measures it has taken in the next couple of months.
In the meantime, I am assured that any new information I provide to the company is completely safe with them ............
Who is online
Users browsing this forum: No registered users and 67 guests