
Adobe Breach Impacted at Least 38 Million Users - doh
http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
======
neya
I was personally affected by the breach. My bank, who were competent enough
deserve all the credit - Actually, they called me and let me know that someone
from a different country had tried to withdraw a huge sum of money from my
card and they found it suspicious and thus blocked the transaction (and the
card). They were kind enough to issue me a replacement card in just 5 days.

At first I wasn't sure if I was negligent and entered my card details on some
scam site instead of Adobe's, but later I just realized after double checking
that only the night before the breach was announced had I upgraded to CS 6
from CS 5.5 through Adobe's official store. Next time, I plan to use a
temporary card for one-off purchases.

~~~
drbawb
I really need to switch to a bank that offers temporary cards.

My card was also stolen recently, a European company that sells VoIP gear
(webcams, USB phones, etc.) tried to charge my card for $25 four times in a
row, with the transactions spaced out over 4 seconds.

I'm surprised the bank caught it. Had it not been for the repeat charges, they
might have let it slide. That type of purchase fits my spending profile
relatively well. (I've ordered electronics from outside the US on numerous
occasions.)

------
smtddr
_> "It also appears that the already massive source code leak at Adobe is
broadening to include the company’s Photoshop family of graphical design
products."_

Whoa, GIMP version 3.0 is going to be _AMAZING++_

~~~
w1ntermute
I hope this really helps the GIMP team improve PSD support.

~~~
ars
They have to be VERY careful, since it's a clear copyright violation.

The only way this could work is for someone who never again will do any work
for GIMP to analyze the code and write a spec for .psd (good luck with that :)
and give GIMP the spec.

------
josephagoss
Funny thing, my card was cancelled by my bank for the first time and it's most
certainly due to Adobe. Of all the services that I ended up missing payments
for whilst waiting for a new card guess what one sent the most threatening
email about deleting my cloud files unless I added a new payment method ASAP?

Adobe.

Such a fail. After my creative cloud "contract" is over I am out for good.
Disgusting company.

~~~
mattront
I complained to Adobe (through chat) for a similar reason and suggested they
give at least one month of service for free. They extended my subscription on
the spot.

~~~
grey-area
Since the 'service' supplied to you costs them virtually nothing for the
month, that's not really much for them to offer... it's not like their online
service requires a massive server farm like an online game, so you are pretty
much paying in advance for unspecified updates every now and then. Combine
that with security breaches like this, and it's not very attractive.

I still use their CS software professionally all the time, but since they
moved to pushing a subscription CC over software you can pay for once, I've
started looking for alternatives, and will not sign up for their monthly
service charge, which is around $75 in the UK. I expect it to rise steadily
with inflation, and for updates to gradually slow down to a trickle, instead
of every two years as before, so it's a very bad deal in my opinion - after
just about 6 months it would cost me more than it would to buy an upgrade
which never expires and can be used for several years before upgrading.

I'll look at other software instead.

~~~
neya
Well said. I don't think there's really a good alternative to Photoshop at the
moment. I used GIMP about 2 years ago and remember being not that much
impressed...So I'm going to stick with CS6 for now and hope at some point they
will offer the suites again.

------
didgeoridoo
We're a 28-person agency, and have been looking for ways out of Adobe's
ecosystem since Creative Cloud ate their product roadmap. It was impossible
until this year, with Sketch and (TBD) Macaw as the likely dream team
replacement. Hopefully by this time next year, we'll be able to cut from
20-something licenses to five or fewer. Sorry, Adobe, but being aggressively
anti-customer only works for a while.

~~~
henningtegen
My startup is currently working on a replacement for Photoshop for concept-
artists & illustrators:
[http://www.getleonardo.com](http://www.getleonardo.com)

If you want a couple of free beta licenses just drop me an email at: henning
'dot' tegen 'at' xadesoftware 'dot' com

------
Sandman
I didn't even know I was a registered member of Adobe's site until I received
their password change email a couple of days ago. I don't know when I
registered, it must have been at least three or four years ago while I was
into Flex. Anyway, when I recieved the email I looked for information on when
the breach occurred. According to krebsonsecurity.com, it happenned some time
in the second half of September. This means I recieved an email prompting me
to change my password about a month (!) after the breach occurred.

And that's not all. After I got the email, I wanted to close my account.
Believe it or not, unless you're willing to call their US phone number (from 6
am - 8pm, Pacific time), you can't do it. Well, i'm not from the states, and
I'm pretty angry that Adobe makes me jump through hoops just to close my
account, especially in light of their recent security problems.

~~~
Osmium
> This means I recieved an email prompting me to change my password about a
> month (!) after the breach occurred.

I only received mine after I attempted to log in. Whether that was by
coincidence or not I don't know.

------
0x0
I never got the email but I changed my adobe id password anyways. But even
after a password change, photoshop cc and the adobe app manager were still
signed in. I tried to force a logout but got a warning that it would uninstall
all my cc apps. So I cancelled that, and my adobe apps are still signed in "on
the old password"...

~~~
zentiggr
Sounds like it would be better to let them uninstall... craziest vendor lock
in crap I've ever seen.

Stories like this are why I don't use Adobe products.

------
grecy
I wonder what cool things can be learned from the PS source. It would be
amazing to see someone do a detailed analysis / walk through of it.

~~~
nwh
I doubt anything. It's a mashup of various languages, broken interfaces and
hilarious bugs.

Here's some of my favourites that I've encountered in my use of their pathetic
products:

[http://bad-adobe.tumblr.com/post/35671000643/](http://bad-
adobe.tumblr.com/post/35671000643/)

[http://bad-adobe.tumblr.com/post/57065003458/](http://bad-
adobe.tumblr.com/post/57065003458/)

[http://bad-adobe.tumblr.com/post/54814875332/](http://bad-
adobe.tumblr.com/post/54814875332/)

[http://bad-adobe.tumblr.com/post/53922218860/](http://bad-
adobe.tumblr.com/post/53922218860/)

I don't think you'll find many people who haven't had the monolithic
application completely fail on them at one point or another, inevitably during
critical or expensive work.

------
danieldk
We have been impacted by two of these hacks (Playstation Network and Adobe). I
use a password manager to generate random passwords for most sites. With this
and the extend of online spying/wiretapping I am now seriously starting to
reconsider the use of online services. Let alone 'offline software' that
requires you to create an online account.

Adobe and Sony are nice targets when it comes to prestige. But there is a lot
more low-hanging fruit - smaller organisations that have far worse security,
but troves of interesting information.

Of course, it was easy to see all of this coming, but convenience usually gets
the upper hand, and many people have ended up distributing more of their
private information than they wished.

------
beedogs
The stealth editing of these HN titles is really getting out of hand. What's
the deal with removing "Photoshop source leaked" from the headline here? It's
in the freaking first paragraph of the report.

~~~
fletchowns
Because that's the <title> of the article.

[https://news.ycombinator.com/item?id=6572466](https://news.ycombinator.com/item?id=6572466)

------
InternalRun
Sooooo... Anyone got a link to the code?

------
bobert_c
The best part is they let me "reset" my password to the old one. Just testing
on my part, but great job!

------
ChikkaChiChi
Adobe will leverage this to their advantage. Instead of offering an offline
version for their products because customers, we'll get a "We've ironed out
the kinks and are now more secure than ever!" when the issue comes up again.

------
MattBearman
I very rarely buy a months subscription for Photoshop, maybe one or two months
a year, so because of that I never allowed Adobe to save my card details.
Seems I just dodged a bullet.

------
badinker
Does anyone have any links to the source code? I don't see anything on
anonnews.org

------
bparsons
I have received no notice from Adobe. Just checked my email.

------
_sabe_
“We are still in the process of investigating the number of inactive, invalid
and test accounts involved in the incident,”

So basically their whole main user database was stolen.

------
monsterix
At least 38 Million? I have a hunch that this _is_ the total number of paying
users that they have for their suite at all. I'd be surprised if this breach
and the stolen materials do not affect their business badly.

~~~
aeberbach
Chances are it includes a large proportion of 30-day trial users - who have to
go through the same painful process of registering for the "creative cloud"
and installing all the same "added features" as the paying customers. Adobe is
not one of those companies that just lets you drag a binary into the right
place and get on with the job, then dump it in the trash when you don't want
it any more.

~~~
aristus
> _Adobe is not one of those companies that just lets you drag a binary into
> the right place..._

Photoshop used to work _exactly_ like that, 15-20 years ago. It was actually
quite nice when setting up an office full of workstations.

------
danjayh
I have mixed emotions on this. On the one hand, Adobe's poor security has hurt
_millions_ of their users. On the other hand, Adobe has invested many millions
of dollars into the development of Photoshop, and thousands of people rely on
it for their livelihoods. Their image processing algorithms are top-notch, and
until now, were essentially unavailable to competitors. If source for
photoshop-specific killer features is leaked, the damage to Adobe could be
irreparable, which is sad, because they really are quite an innovative company
and I'd hate to see them disappear.

~~~
dmix
Yes, because Adobe's market dominance with Photoshop has been the result of
it's source code... just like Microsoft has with Windows. /s

I hardly doubt some competitor will pop up with a bunch of cloned features
from photoshop's codebase, and suddenly hurt their market position.

There's hardly even a single competitor to Photoshop in the first place.

~~~
sandstrom
There is Pixelmator which is quite cool, but they are only a few years old
yet.

~~~
Samuel_Michon
6 years. I think they’re going to be around for a while.

[http://en.wikipedia.org/wiki/Pixelmator](http://en.wikipedia.org/wiki/Pixelmator)

