Adobe has admitted that hackers broke into its systems and accessed the source code for ColdFusion and possibly for Adobe Acrobat and other products. The thieves stole encrypted credit card numbers and other data, including usernames and passwords, from approximately 2.9 million customers. “We are looking at malware analysis and exploring the different digital assets we have,” said Adobe’s Chief Security Officer Brad Arkin. “Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched.”
The breach was uncovered by Brian Krebs of KrebsOnSecurity and Alex Holden, CISO of Hold Security LLC. It appears to have occurred in mid-August, and Adobe has been investigating since September 17.
Thousands of designers and developers rely on Adobe products, and many enterprises use ColdFusion for their web applications.