Scribd
Upload
9 views18 pages

A Report On 2013 Adobe Data Breach

The document summarizes a 2013 data breach at Adobe where hackers accessed a customer database containing personal information for 38 million users. The breach occurred when Adobe shifted to cloud services and had technical vulnerabilities like outdated software and poor password encryption. It caused short term impacts like user complaints, legal issues, and economic losses, as well as long term damage to Adobe's reputation, customer loyalty, and employee retention. The document recommends prevention actions such as firewalls, intrusion detection, access management, and regular maintenance to address security issues.

Uploaded by

alan king
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
Download as docx, pdf, or txt
9 views18 pages

A Report On 2013 Adobe Data Breach

The document summarizes a 2013 data breach at Adobe where hackers accessed a customer database containing personal information for 38 million users. The breach occurred when Adobe shifted to cloud services and had technical vulnerabilities like outdated software and poor password encryption. It caused short term impacts like user complaints, legal issues, and economic losses, as well as long term damage to Adobe's reputation, customer loyalty, and employee retention. The document recommends prevention actions such as firewalls, intrusion detection, access management, and regular maintenance to address security issues.

Uploaded by

alan king
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1/ 18

A Report on 2013 Adobe Data Breach

1. Brief Background
2. Likely incident causes
3. Short-term and long-term impacts of the incident
4. Suggested prevention actions and associated solutions
1. Brief Background
Adobe data breach in 2013
--one of the biggest incidents of the 21st century.

◺ From 2011 to 2013, Adobe shifted from selling desktop licenses to cloud-
based service. Moving to cloud creates vulnerabilities to Adobe’s data
security.
- - technical &
organizational blind spots.

◺ In 2013, attackers leveraged security vulnerabilities and illegally accessed a


customer database containing email addresses, payment data, customer
names, password, and physical addresses. Over 38 million global users were
impacted.

3
Adobe data breach in 2013
Timeline
◺ Hackers accessed a source code repository sometime in mid-August 2013

◺ Adobe noticed breach and decommissioned the compromised database server at 17 th of


Sep 2013.

◺ Adobe utilised a two-factor authentication for data and conducted vulnerability scanning
at the end of the Sep in 2013.

◺ 2013, Oct,3: Adobe first confirmed that 2.9 million customers have had private information
stolen. \cite{}

◺ 2013, Oct,29 : Adobe completed resetting the passwords for all Adobe IDs involved.

◺ 2013, Oct,30: Adobe increased the number of attacked account to 38 million. \cite{}

◺ At 30th of June 2015, Adobe engaged an independent auditor to certify that it has
implemented the remediation work required by the government.

◺ 2018: The company was still dealing with the cleanup and announced a new Experience
Cloud feature that makes security more important. 4
2. Likely incident causes
Technical Issues

Poor security practices by the time of the breach:

⮚ Many Adobe backup server networks run outdated versions


of the software, leaving them vulnerable to compromise.

⮚ Poorly-encrypted passwords: Adobe used the same encryption


key for all passwords.

6
Organizational Blind Spots
⮚ Outdated organization structure
Different departments were working
separately. (the product engineering was
totally separate
from IT security)
--Lack of communication
--Some overlooking of responsibility during
technical operations

⮚ Internal data leak from malicious insiders


--espionage for financial reward or employee
grievances
7
3. Short-term and long-term impacts of the
incident
Short-term impact
● Database Security
○ Leak of users’ information
○ Leak of source code for Adobe Photoshop
○ The database is no longer safe. (Be attacked again if
nothing change)

● Complains and Bad news


○ Large amount of users will complain the company
○ Social media impacts and Negative news increase
Need more budget to solve cyber security
problem and more documents work to handle
society and media
9
Short-term impact
● Economic losses
○ Stock fall
○ Compensation
○ Fine from government

● Legal Action
○ Facing legal liability

Data breach brings high economic losses.


Sometimes, it is a huge blow to the company!
10
Long-term impact
● Damage to company’s reputation
○ Poisoned search results on corporate brand
○ Loss of customers
■ Impacts the future selling

● Less attractive to new employees


○ Employee turnover (Especially at the executive level)
○ Difficult in finding new employees with high IT and
security skills

● Loss of core competitive advantage


○ Loss of source codes may cause the leakage of core
technology
11
4. Suggested prevention actions
& Associated solutions to impact
Prevention Action
● Firewall setup and the network architecture

○ The firewall monitors the flow of traffic


○ The installation of anti-malware programs

● Using intrusion detection system (IDS)

○ monitors both the hardware and software systems


○ identify any case of illegal attempt

13
Prevention Action
● Regular inspection and maintenance

○ Set up a monitor group to do regular inspection


○ Schedule regular system maintenance

● Strengthen user access management

○ Teach the user how to maintain high-level security


○ adopt proper user training measures

14
Response
● Towards User
○ Notify customers and business
○ Give Apology and compensation to users who were
influenced

● Towards Public
○ Hire external auditors to do a full investigation
○ Call a press conference

15
Response
● Towards Government
○ Pay the fine against the agreement
○ Consult with legal counsel

● Towards the internal organization


○ Settle multistate data breach enforcement action.
1. Nominate a Chief security officer(CSO)
2. Hire skilled experts to fix data leakage
3. introduce proper data storage systems

16
References
‘5 Damaging Consequences of A Data Breach’, METACOMPLIANCE MARKETING TEAM,
25/2/2020 https://www.metacompliance.com/blog/5-damaging-consequences-of-a-data-breach/

‘What is the cost of a data breach’, Dan Swinhoe, 13/8/2020


https://www.csoonline.com/article/3434601/what-is-the-cost-of-a-data-breach.html

‘6 Potential Long-Term Impacts of a Data Breach’, Sue Poremba, 5/11/2021


https://securityintelligence.com/articles/long-term-impacts-security-breach/

‘Adobe’s CSO talks security, the 2013 breach, and how he sets priorities’, Terena Bell, 12/4/2018
https://www.csoonline.com/article/3268035/adobe-s-cso-talks-security-the-2013-breach-and-how-he-sets-priorities.html

‘Single block cipher on backup system allowed customer detail access in Adobe breach: OAIC’, Chris Duckett, 9/7/2015
https://www.zdnet.com/article/backup-system-with-single-block-cipher-cause-of-adobe-2013-hack-oaic/

‘Adobe To Announce Source Code, Customer Data Breach’, Brian Krebs, 3/10/2013
https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

‘Adobe pays US$1.2M plus settlements to end 2013 breach class action’, Darren Pauli, 17/8/2015
https://www.theregister.com/2015/08/17/adobe_settles_claims_for_data_breach/

17

You might also like