Scam of the day – October 9, 2013 – Critical new developments in Adobe hacking

Recently I informed you of the major hacking into Adobe, the maker of many software programs that we all use.  Personal data on 2.9 million Adobe users was stolen by hackers over a period of as much as five months before Adobe discovered the breach of its security and it was not until a computer security company alerted the public to the hacking that Adobe, itself made a public statement about the hacking even though forty six states have laws requiring that companies notify its customers of data breaches when they occur.  Adobe is only now notifying affected customers who can expect to receive a letter within the next two weeks if their personal information, such as name and credit card information was compromised.  But, as I often say, things are not as bad as you think.  They are far worse.  The hackers not only got information about customers.  They also got source code for the Adobe Acrobat PDF reader and the Adobe ColdFusion web app developer’s tool.  This will enable identity thieves and hackers to poison PDF’s that you open on a tainted website such that when you use Adobe Acrobat to read the PDF, you will unwittingly be downloading malware such as keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Adobe ColdFusion is used by many creators of mobile apps and websites.  By having the source code for Adobe ColdFusion, hackers and identity thieves can infect these apps and websites so that when you use the apps or websites, you again download dangerous malware.

TIPS

If you are a regular user of Adobe products and you receive a letter from the company telling you that your security has been breached, you should be particularly alert as to monitoring your financial accounts.  You should also consider putting a credit freeze on your credit reporting agency accounts.  You can find instructions here on the Scamicide website as to how to do this.  You should also make sure that your security software for your computer, smartphone and tablet are up to date and that you have the latest anti-malware software as well.  Even if you have not been directly affected by the breach, you should consider using a PDF reader other than Adobe.  There are many free ones available that are more secure than Adobe, such as Evince or Sumatra PDF.  You can find a list of them at www.pdfreaders.org.