Breach at PR Newswire linked to Adobe exploit

Filed Under: Adobe, Data loss, Security threats

Fence hole. Image courtesy of Shutterstock.The same crooks who pilfered Adobe's source code used an Adobe ColdFusion exploit to breach the PR Newswire press release service, security journalist Brian Krebs reported on Wednesday.

The data was stolen from PR Newswire on or after March 8, 2013 and reportedly included partial website source code, configuration data, and a database of PR Newswire customers.

The stolen code was found on the same servers as Adobe's source code, Krebs reports.

More evidence, dated 13 February, 2013, points to a large-scale attack targeting the news service's networks, hitting more than 2,000 IP addresses with ColdFusion exploits.

Krebs reports that the co-location of PR Newswire's and Adobe's stolen data suggest that the same attackers went after both targets.

PR Newswire on Wednesday sent a statement to customers, saying that it's conducting an extensive investigation and has notified appropriate law enforcement authorities. It is also forcing users to change their passwords:

As a precautionary measure, we have implemented a mandatory password reset for all customers with accounts on this database. As a general practice, we recommend that our customers use strong passwords and regularly update them, not just on PR Newswire but on any website requiring login credentials. From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information.

Based on its preliminary review, PR Newswire said in the statement, it doesn't believe that customer payment data were compromised.

Image of hole in fence courtesy of Shutterstock.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.