Scribd Logo
Upload

Welcome to Scribd!

  • 207 views

    Adobe Data Breach Presentation

    Uploaded by

    alan king
    Adobe suffered a major data breach in 2013 that impacted over 38 million users. The breach occurred when attackers exploited security vulnerabilities to access a customer database containing personal information. It was caused by poor security practices like outdated software and using the same encryption key for all passwords. The breach had short-term impacts like economic losses, legal issues, and reputation damage. Long-term, it reduced customer trust and made it harder to attract new talent. To prevent future breaches, Adobe suggested improving firewalls, intrusion detection, access management, and conducting regular security audits and maintenance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Adobe Data Breach Presentation

    Uploaded by

    alan king
    207 views18 pages
    Adobe suffered a major data breach in 2013 that impacted over 38 million users. The breach occurred when attackers exploited security vulnerabilities to access a customer database containing personal information. It was caused by poor security practices like outdated software and using the same encryption key for all passwords. The breach had short-term impacts like economic losses, legal issues, and reputation damage. Long-term, it reduced customer trust and made it harder to attract new talent. To prevent future breaches, Adobe suggested improving firewalls, intrusion detection, access management, and conducting regular security audits and maintenance.

    Original Title

    Adobe_data_breach_presentation.pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Adobe suffered a major data breach in 2013 that impacted over 38 million users. The breach occurred when attackers exploited security vulnerabilities to access a customer database containing personal information. It was caused by poor security practices like outdated software and using the same encryption key for all passwords. The breach had short-term impacts like economic losses, legal issues, and reputation damage. Long-term, it reduced customer trust and made it harder to attract new talent. To prevent future breaches, Adobe suggested improving firewalls, intrusion detection, access management, and conducting regular security audits and maintenance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    207 views18 pages

    Adobe Data Breach Presentation

    Uploaded by

    alan king
    Adobe suffered a major data breach in 2013 that impacted over 38 million users. The breach occurred when attackers exploited security vulnerabilities to access a customer database containing personal information. It was caused by poor security practices like outdated software and using the same encryption key for all passwords. The breach had short-term impacts like economic losses, legal issues, and reputation damage. Long-term, it reduced customer trust and made it harder to attract new talent. To prevent future breaches, Adobe suggested improving firewalls, intrusion detection, access management, and conducting regular security audits and maintenance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 18

    2022 S1 CCE Presentation 1

    A Report on 2013 Adobe Data Breach


    to the Chief Executive Officer
    Group 4:
    Xianyi Zhang 1043581
    Ruitong Fan 1281946
    Guanyi Ding 845553

    1. Brief Background
    2. Likely incident causes
    3. Short-term and long-term impacts of the incident
    4. Suggested prevention actions and associated solutions
    1. Brief Background
    Adobe data breach in 2013
    --one of the biggest incidents of the 21st century.

    ◺ From 2011 to 2013, Adobe shifted from selling desktop licenses to cloud-
    based service. Moving to cloud creates vulnerabilities to Adobe’s data
    security.
    - - technical &
    organizational blind spots.

    ◺ In 2013, attackers leveraged security vulnerabilities and illegally accessed a


    customer database containing email addresses, payment data, customer
    names, password, and physical addresses. Over 38 million global users were
    impacted.

    3
    Adobe data breach in 2013
    Timeline
    ◺ Hackers accessed a source code repository sometime in mid-August 2013

    ◺ Adobe noticed breach and decommissioned the compromised database server at 17 th of


    Sep 2013.

    ◺ Adobe utilised a two-factor authentication for data and conducted vulnerability scanning
    at the end of the Sep in 2013.

    ◺ 2013, Oct,3: Adobe first confirmed that 2.9 million customers have had private information
    stolen. \cite{}

    ◺ 2013, Oct,29 : Adobe completed resetting the passwords for all Adobe IDs involved.

    ◺ 2013, Oct,30: Adobe increased the number of attacked account to 38 million. \cite{}

    ◺ At 30th of June 2015, Adobe engaged an independent auditor to certify that it has
    implemented the remediation work required by the government.

    ◺ 2018: The company was still dealing with the cleanup and announced a new Experience
    Cloud feature that makes security more important. 4
    2. Likely incident causes
    Technical Issues

    Poor security practices by the time of the breach:

    ⮚ Many Adobe backup server networks run outdated versions


    of the software, leaving them vulnerable to compromise.

    ⮚ Poorly-encrypted passwords: Adobe used the same encryption


    key for all passwords.

    6
    Organizational Blind Spots
    ⮚ Outdated organization structure
    Different departments were working
    separately. (the product engineering was
    totally separate
    from IT security)
    --Lack of communication
    --Some overlooking of responsibility during
    technical operations

    ⮚ Internal data leak from malicious insiders


    --espionage for financial reward or employee
    grievances
    7
    3. Short-term and long-term impacts of the
    incident
    Short-term impact
    ● Database Security
    ○ Leak of users’ information
    ○ Leak of source code for Adobe Photoshop
    ○ The database is no longer safe. (Be attacked again if
    nothing change)

    ● Complains and Bad news


    ○ Large amount of users will complain the company
    ○ Social media impacts and Negative news increase
    Need more budget to solve cyber security
    problem and more documents work to handle
    society and media
    9
    Short-term impact
    ● Economic losses
    ○ Stock fall
    ○ Compensation
    ○ Fine from government

    ● Legal Action
    ○ Facing legal liability

    Data breach brings high economic losses.


    Sometimes, it is a huge blow to the company!
    10
    Long-term impact
    ● Damage to company’s reputation
    ○ Poisoned search results on corporate brand
    ○ Loss of customers
    ■ Impacts the future selling

    ● Less attractive to new employees


    ○ Employee turnover (Especially at the executive level)
    ○ Difficult in finding new employees with high IT and
    security skills

    ● Loss of core competitive advantage


    ○ Loss of source codes may cause the leakage of core
    technology
    11
    4. Suggested prevention actions
    & Associated solutions to impact
    Prevention Action
    ● Firewall setup and the network architecture

    ○ The firewall monitors the flow of traffic


    ○ The installation of anti-malware programs

    ● Using intrusion detection system (IDS)

    ○ monitors both the hardware and software systems


    ○ identify any case of illegal attempt

    13
    Prevention Action
    ● Regular inspection and maintenance

    ○ Set up a monitor group to do regular inspection


    ○ Schedule regular system maintenance

    ● Strengthen user access management

    ○ Teach the user how to maintain high-level security


    ○ adopt proper user training measures

    14
    Response
    ● Towards User
    ○ Notify customers and business
    ○ Give Apology and compensation to users who were
    influenced

    ● Towards Public
    ○ Hire external auditors to do a full investigation
    ○ Call a press conference

    15
    Response
    ● Towards Government
    ○ Pay the fine against the agreement
    ○ Consult with legal counsel

    ● Towards the internal organization


    ○ Settle multistate data breach enforcement action.
    1. Nominate a Chief security officer(CSO)
    2. Hire skilled experts to fix data leakage
    3. introduce proper data storage systems

    16
    References
    ‘5 Damaging Consequences of A Data Breach’, METACOMPLIANCE MARKETING TEAM,
    25/2/2020 https://www.metacompliance.com/blog/5-damaging-consequences-of-a-data-breach/

    ‘What is the cost of a data breach’, Dan Swinhoe, 13/8/2020


    https://www.csoonline.com/article/3434601/what-is-the-cost-of-a-data-breach.html

    ‘6 Potential Long-Term Impacts of a Data Breach’, Sue Poremba, 5/11/2021


    https://securityintelligence.com/articles/long-term-impacts-security-breach/

    ‘Adobe’s CSO talks security, the 2013 breach, and how he sets priorities’, Terena Bell, 12/4/2018
    https://www.csoonline.com/article/3268035/adobe-s-cso-talks-security-the-2013-breach-and-how-he-sets-priorities.html

    ‘Single block cipher on backup system allowed customer detail access in Adobe breach: OAIC’, Chris Duckett, 9/7/2015
    https://www.zdnet.com/article/backup-system-with-single-block-cipher-cause-of-adobe-2013-hack-oaic/

    ‘Adobe To Announce Source Code, Customer Data Breach’, Brian Krebs, 3/10/2013
    https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

    ‘Adobe pays US$1.2M plus settlements to end 2013 breach class action’, Darren Pauli, 17/8/2015
    https://www.theregister.com/2015/08/17/adobe_settles_claims_for_data_breach/

    17

    You might also like