Immediate impact of a data breach:

1) More than 38 million users' records, along with activation codes for some products, were leaked, and the breach kept snowballing. The estimated number of affected users has gradually grown, and according to the latest estimates more than 150 million user passwords have been leaked.

2) Paid a $1 million fine

Adobe will pay just $1 million to settle a lawsuit filed by 15 state attorneys general over its huge 2013 data breach that exposed payment records on approximately 38 million people. In other news, the 39-year-old Dutchman responsible for coordinating an epic, weeks-long distributed denial-of-service attack against anti-spam provider Spamhaus in 2013 will avoid any jail time for his crimes thanks to a court ruling in Amsterdam this week.

On Oct. 3, 2013, KrebsOnSecurity broke the story that Adobe had just suffered a breach in which hackers siphoned usernames, passwords and payment card data on 38 million customers. The intruders also made off with digital truckloads of source code for some of Adobe’s most valuable software properties — including Adobe Acrobat and Reader, Photoshop and ColdFusion.

On Monday, Nov. 11, North Carolina Attorney General Roy Cooper joined his counterparts in 14 other states in announcing a $1 million settlement with Adobe over the 2013 breach. According to Cooper, the hacked Adobe servers contained the personal information of approximately 552,000 residents of the participating 15 states. That works out to about $1.80 per victim across all 15 states.

3) At the same time, many users habitually reuse the same password across multiple websites, so this incident not only hit Adobe hard but also had a knock-on effect on other websites. Sites such as Facebook have begun taking security precautions in advance.

Facebook User Tips

4) In addition, many Adobe users may be exposed to phishing attacks.

According to the data screenshot provided by the researchers, the leaked data is close to 86GB in size.

As can be seen from the data screenshot shown by Diachenko, the data can be accessed directly with a simple request. Data entries include email addresses, the date the account was created, the products the customer uses, and payment status.

Other data that may be relevant to phishing attacks include:

Subscription status

Whether the user is an Adobe employee

Member ID

Country

Time since last login

Data breach indirect effects:

1. External influence:

1) Adobe’s stock price was not affected after the data breach:

After the data breach, the stock price fell only slightly, by less than 5%.

This is due to the company’s good PR measures and rapid response (we will expand on this in part 3).

2) At the same time, according to the financial report, Adobe’s sales in the fourth quarter were not affected on a large scale:

Fourth Quarter Financial Highlights

Adobe achieved revenue of $1.04 billion, within its targeted range of $1 billion to $1.05 billion.

Adobe exited Q4 with 1 million 439 thousand paid Creative Cloud subscriptions, an increase of 402 thousand when compared to the number of subscriptions as of the end of Q3 fiscal year 2013, and enterprise adoption of Creative Cloud was stronger than expected.

Creative Annualized Recurring Revenue (“ARR”) grew to $768 million, and total Digital Media ARR grew to $911 million.

Adobe Marketing Cloud quarterly revenue was $316.2 million, representing 38 percent year-over-year growth.

Diluted earnings per share were $0.13 on a GAAP-basis, and $0.32 on a non-GAAP basis.

Cash flow from operations was $315.0 million.

Deferred revenue grew by $94.7 million to a record $828.8 million.

The company repurchased 7.9 million shares during the quarter, returning approximately $405 million of cash to stockholders.

This is mainly because Adobe has no strong competitor in the market; its user base is very stable and user stickiness is very high. At the same time, many users believe that after the data breach, Adobe will have greater security awareness and will therefore keep users safe.

2. Internal influence:

1) The highest-ranking manager responsible for security within the company was not fired, but was promoted.

Adobe CSO Brad Arkin was senior director in 2013, the company’s highest security title at the time, but Adobe didn’t fire him. Instead, Arkin was promoted.

New Adobe features developed for security concerns:

Executive vice-president of digital marketing Brad Rencher bragged about Adobe Experience Cloud’s newest feature: a unified profile that centralizes every data point an Adobe customer has ever collected about you.

Rencher calls it “a new system of record, one that can manage and make sense of the high volume of content and data.” The unified profile collects individual browsing behavior, device use data, customer relationship management (CRM) notations, information from Microsoft Dynamics 365, and more. The goal is to make personalized marketing, well, more personalized. From a security standpoint, the unified profile theoretically has the hacking potential of personally identifiable information (PII) in a to-go bag.

2) Adobe internal consensus

This event will allow them to gain more awareness of their competitors:

“it’s very much about who the potential adversaries are and what are their objectives.” The more machines or data a hacker can access, the higher risk to the target. That’s why Adobe has traditionally focused heavily on protecting Flash Player, which Arkin says is installed on billions of systems.

3) Poisoned search results on the corporate brand

The media often describe the incident as one of the 17 biggest data breaches of the 21st century.

The incident is already associated with Adobe-related search terms.