Hold Security’s newly announced Deep Web Monitoring Program working with journalist Brian Krebs informed Adobe Systems Incorporated that source code for their flagship products has been found on servers of known hackers responsible for breaches of LexisNexis, Kroll, NW3C, and many other sites.
Over 40 Gigabytes in encrypted archives have been discovered on a hackers’ server that appear to contain source code of such products as Adobe Acrobat Reader,Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe’s data occurred in early August of this year but it is possible that the breach was ongoing earlier. While it is unclear at this time how the hackers obtained the source code and whether they analyzed or used it for malicious purposes, it appears that the data was taken and viewed by unauthorized individuals.
This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.