Adobe just told me that my password might have been compromised and that it had to be changed.

Report · Oct 04, 2013

Just a comment here!

Adobe just told me that my password might have been compromised and that it had to be changed. How can I be sure that the letter I got from them was, in fact, from them and not from some hacker who found out my ID, emailed me at my ID and now has a my new password. THEY change my Adobe password. ADOBE confirms the change with me and now I am still compromised because ADOBE can't protect its files.

Report · Oct 04, 2013

http://nakedsecurity.sophos.com/2013/10/04/adobe-owns-up-to-getting-pwned-login-and-credit-card-data...

Report · Oct 04, 2013

MattKauf wrote:
How can I be sure that the letter I got from them was, in fact, from them and not from some hacker who found out my ID, emailed me at my ID and now has a my new password.

Look at the email headers. Not the 'From:' address; that can easily be forged, but at the originating IP address. If it does not point to an adobe.com server, then it is likely a scam.

Report · Oct 04, 2013

Thanks. After checking it came from adobesystems.com . It's still pretty scary that a company like Adobe can get hacked.

Report · Oct 04, 2013

This is the email that I received:

Important Customer Security Alert

To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

Adobe Customer Care

Report · Oct 17, 2013

My dad got this same email and asked me if it was legitimate. My immediate response was "absolutely bogus--malware--discard immediately..." and was proud that I'd trained him well and he had good security instincts. Then I did some checking and apparently it is legitimate. I appreciate Adobe is trying to be proactive, but smack upside the head for sending this email--we constantly drill into users that any unsolicited email that warns you that your ID has been breached and directs you to click on a link to provide credentials should be regarded as malicious. I think it would be a better approach to send an email that describes the breach, advises the user to change passwords for other accounts if they were the same, but should provide some different approach to resetting their Adobe passwords. How, I don't know, but there has to be a better way than what they did.

Report · Feb 16, 2016

at least he was told I wasn't I lost everything

Report · Feb 17, 2016

That message was sent in October 2013. What did you lose?