Scam of the day – October 11, 2013 – New Adobe data breach developments

I have been reporting to you in October 5th’s Scam of the day and October 9th’s Scam of the day about the breach at Adobe, the maker of products such as Adobe Acrobat PDF reader, Adobe Photoshop and Adobe ColdFusion that is affecting a minimum of 2.9 million Adobe customers who had personal information including their names and credit card numbers stolen by hackers.  There is a good reason for my focus on this breach, which is that it may end up affecting many millions more whose information was not stolen.  Adobe was targeted both because it is very popular and because it is very vulnerable.  The code for many of its programs are old and not state of the art.  It is easier for hackers and identity thieves to find and exploit vulnerabilities in these programs.  The Adobe ColdFusion program is used by many companies and governmental agencies in the construction of websites.  Even the Department of Defense uses it.  It is entirely possible in stealing the code, that hackers would be able to steal data bases from agencies and companies that use these programs.  This is not a far fetched idea.  Earlier this year the National White Collar Crime Center which uses Adobe ColdFusion had its data stolen in this manner.  Consequently anyone using Adobe products is potentially at risk because if you use their software or go to a tainted website, you may end up downloading unwittingly keystroke logging malware that can steal all of your personal information from your computer.  Even if you have up to date anti-malware software, you may still be vulnerable because the makers of anti-malware software are always at least a month behind in protecting against the latest viruses and malware.

TIPS

Just as the Department of Homeland Security advised people not to use Java software if they could avoid it because of similar hacking and malware problems so should you consider using other software for reading PDFs or creating websites.  In my Scam of the day of October 9th I told you about www.pdfreaders.org where you can find a list and links to other PDF reading software.  If you do decide to continue to use Adobe software, you should immediately install their latest patches which have just been released.  Here is the link to the patch for Adobe Reader and Adobe Acrobat  http://www.adobe.com/support/security/bulletins/apsb13-25.html  and here is the link to RoboHelp 10 for Windows http://www.adobe.com/support/security/bulletins/apsb13-24.html  I will continue to follow this important story for new developments.  Make sure you read Scamicide each day so you don’t miss anything.

Scam of the day – October 9, 2013 – Critical new developments in Adobe hacking

Recently I informed you of the major hacking into Adobe, the maker of many software programs that we all use.  Personal data on 2.9 million Adobe users was stolen by hackers over a period of as much as five months before Adobe discovered the breach of its security and it was not until a computer security company alerted the public to the hacking that Adobe, itself made a public statement about the hacking even though forty six states have laws requiring that companies notify its customers of data breaches when they occur.  Adobe is only now notifying affected customers who can expect to receive a letter within the next two weeks if their personal information, such as name and credit card information was compromised.  But, as I often say, things are not as bad as you think.  They are far worse.  The hackers not only got information about customers.  They also got source code for the Adobe Acrobat PDF reader and the Adobe ColdFusion web app developer’s tool.  This will enable identity thieves and hackers to poison PDF’s that you open on a tainted website such that when you use Adobe Acrobat to read the PDF, you will unwittingly be downloading malware such as keystroke logging malware that can steal all of the information from your computer and use it to make you a victim of identity theft.  Adobe ColdFusion is used by many creators of mobile apps and websites.  By having the source code for Adobe ColdFusion, hackers and identity thieves can infect these apps and websites so that when you use the apps or websites, you again download dangerous malware.

TIPS

If you are a regular user of Adobe products and you receive a letter from the company telling you that your security has been breached, you should be particularly alert as to monitoring your financial accounts.  You should also consider putting a credit freeze on your credit reporting agency accounts.  You can find instructions here on the Scamicide website as to how to do this.  You should also make sure that your security software for your computer, smartphone and tablet are up to date and that you have the latest anti-malware software as well.  Even if you have not been directly affected by the breach, you should consider using a PDF reader other than Adobe.  There are many free ones available that are more secure than Adobe, such as Evince or Sumatra PDF.  You can find a list of them at www.pdfreaders.org.

Scam of the day – October 5, 2013 – Adobe data breach

Adobe makes software used by millions of consumers.  Recently Adobe announced that it had been hacked and personal information belonging to 2.9 million of its customers was stolen.  The stolen information included names, encrypted credit card numbers, and expiration dates as well as information pertaining to individual orders.  In response, Adobe is resetting passwords for affected customers.  If your user ID and password were compromised by the hacking, you will be receiving an email from Adobe with information about changing your password.  It is important if you use the same password on other websites, as many people do, that you also change your passwords there as well.  It is a good idea to have a different password at each website you go to.  Adobe is also offering customers whose credit or debit card information was stolen a free credit monitoring service for one year.

TIPS

If, as many people, you use Adobe products, you should be on high alert to the possibility of identity theft.  Keep close tabs on all of your accounts particularly those debit cards or credit cards that you may have used at Adobe.  I will keep you informed as further developments occur.