Sole Trader Business compromised by the Adobe Data Breach

[em_cat]

Hi All
I was notified of the Oct 2013 Adobe Data Breach, I of course took the immediate precautions ie. changing passwords for online accounts as per the notification from Adobe. However, following on from that I was notified that in addition to my email and password being leaked, my financial and personal details including my Tax ID where also leaked, so then I immediately contacted my bank, who also was notified by Adobe of same, and changed credit cards, laser visa and account numbers associated with same.

Now it is some months later and I am facing the following:
Having my Tax ID flagged and possibly changed as it has been compromised,

I spend upwards of 4-5 billable hours a day clearing/archiving/reporting mailbox of phishing/scam emails so that I can receive client emails,

Currently redesigning and brainstorming for a new business name which means changing in business identity, branding and design, doing all of this so I can register afresh with the CRO...

I could list a multitude of other stuff I have to change, but will leave that for later.

Also after opening a case with Adobe and it being 'escalated' I was offered as compensation (Adobe's phrasing, not mine) a "40-60% reduction on the price of a Creative Cloud Subscription for 1 year" and I was given the terms that I had to reopen my account immediately to avail of this offer. Also I was asked to let Adobe know what I expected as "compensation" but I am having trouble decerning such as I only have the lost income from the allocated amount of billable hours that I have wasted dealing with this issue, but also because of the Data Breach issue, I am not sure what recompense or "compensation" I could actually expect.

Some much needed advice would be greatly appreciated.

 

[em_cat]

Update....

I have not had any luck in trying to find a solicitor that may be able to help me with this as I have been told by 5 different firms, that they can't help because they "don't want to shoot themselves in the foot".

One firm I spoke to at least told me that while they understood my plight, they could not act on my behalf as it would lead to a conflict of interest as they have acted for Adobe in the past, this I can understand but to be told by other firms that they can't help because they don't want to potentially lose out a possible future representing Adobe is a bit hard to take.

Anya advice would be greatly appreciated.

 

[Brendan Burgess]

You don't need to do this on your own.

Have you checked to see if there are other Adobe customers internationally who have been affected?

Have you been on to the SFA or ISME?

Brendan

 

[em_cat]

Hi Brendan

Thanks for your post, to answer your question about others being affected, yes indeed they have, http://www.independent.ie/business/...hdog-scans-adobe-ireland-breach-29907743.html.

However the Independent incorrectly reported "It is believed that the data breach came as customers clicked on a link contained in a bogus Adobe email. "This office would advise individuals to be vigilant of any unsolicited emails they receive and not click on links contained within or download files from any email where they are not familiar with the sender.", but unfortunately apart from me, no one seemed to care about this inaccuracy.

Also it never occurred to me to contact the SFA or the ISME as I am not a member, so I am not sure if they could help in anyway. I have been advised by my hosting provider that my only options are to pay for a premium antispam service or to "dump" my domain and start anew. While the second option is probably what I will have to do, I am now calculating the consequential loss that has occurred due to Adobe's negligence.

 

[em_cat]

I have finally found a solicitor who is willing to help me with the case against Adobe for the lack of security which has resulted in consequential loss affecting my business associated with my personal details being leaked which has also led to my owned and copyrighted domain being compromised and hacked!

If there is anyones else or any other business who has been affected by the Adobe Data Breach that occurred Oct 2013, I would love to hear from you, because as Brendan said above, " You don't need to do this on your own." So a big thanks to Brendan as it gave me the push as I was nearly about to give up....

But, don't get me wrong, I don't want turn this post into an Adobe bashing as in truth, they where victims of a malicious crime, but unfortunately their service in dealing with the fallout has been negligent to say the least.

Em_cat

 

[Brendan Burgess]

Why don't you join ISME or the SFA and get them to run the case for you?

Even if they won't run the case, they will circulate their members to see if anyone else has been affected.

Has any Irish journalist covered the story. If you are setting up a compensation group, they will do a story on it.

Or maybe one of the technology journalists?

Brendan

 

[em_cat]

Brendan

Many thanks, I was not aware that I could join the SFA as I am a sole trader Graphic Design business and I don't have any employees, but I will definitely look into joining as I looked through their website and spoke to someone in the SFA and found out that indeed I could join.

I hadn't thought about setting up a compensation group, but the idea of a 'Class Action' would be great if I thought it was allowed. Really what I am having a hard time with is the feed back I have received from others in relation to this is why I even bother paying for the use of the Adobe software when it so widely available for 'free'.

 

[em_cat]

I have been told that I will need a solicitor who is well versed in Litigation and Intellectual Property, I have found a solicitor who is and is willing to take on the case against Adobe, but the proposed fees are a bit out of my league at the moment. I have a few questions that I would like to get answered, but was wondering if there was somewhere else in the forum I should ask?

 

[RainyDay]

Just to play devils advocate a bit;

I spend upwards of 4-5 billable hours a day clearing/archiving/reporting mailbox of phishing/scam emails so that I can receive client emails,

Seems strange - do you have any anti-virus software or anti-spam facility within your existing email services. Most spam is trapped by any half-decent service. Gmail is very good, Outlook is OK in my experience.

Currently redesigning and brainstorming for a new business name which means changing in business identity, branding and design, doing all of this so I can register afresh with the CRO...

I don't see the connection between the new business name and the data breach. You might like to clarify why the data breach requires a new business name.

 

[em_cat]

Hi Rainyday

Alternate viewpoints welcomed. But to answer your queries, the email that has been affected by the Adobe Breach, is my business email which is attached to a copyrighted and owned by my business domain, that is hosted on a dedicated server, does in deed have a very good anti spam service and I have always used it, however this is not the problem.

As a cloud subscription user, as I have to use their software for my business, Adobe retained private data, financial and personal info which was leaked during the Oct 2013 Security breach.

Following on from that, my business email is now full of scam/phishing emails, which I had never had to deal with in the past. My business email address is being used by, what I can only surmise, is some 3rd party direct mailing marketing company. This I know because my email is 'issuing' mailing lists which I have not set up or authorised as I do not use direct marketing in my business, thus which is now opening me, as the owner, up to liability under the European Communities (Electronic Communications Network and Services)(Privacy and Electronic Communications) Regulations 2011.

As for the connection between a new business name and the data breach. The connection is:

My business email address runs through my business domain, that is used by the Adobe Cloud Subscription as it is my business that is the subscriber.

When a domain is 'hacked' in this way, you basically have 2 options, you can get some very expensive software to run and filter the domain, employee some high tech people to clear your hacked domain of any malware or viruses and such, all of which is way too expensive for my business to afford or in order to register a new .ie domain, I need to create a new business, hence a new business name, obtain a new RBN and apply for a new .ie domain. Thus 'dumping' the previously hacked domain by letting it expire.

Apologies for the lengthy post, but does this clarify?

 

[JoeRoberts]

Hi Rainyday

Alternate viewpoints welcomed. But to answer your queries, the email that has been affected by the Adobe Breach, is my business email which is attached to a copyrighted and owned by my business domain, that is hosted on a dedicated server, does in deed have a very good anti spam service and I have always used it, however this is not the problem.

As a cloud subscription user, as I have to use their software for my business, Adobe retained private data, financial and personal info which was leaked during the Oct 2013 Security breach.

Following on from that, my business email is now full of scam/phishing emails, which I had never had to deal with in the past. My business email address is being used by, what I can only surmise, is some 3rd party direct mailing marketing company. This I know because my email is 'issuing' mailing lists which I have not set up or authorised as I do not use direct marketing in my business, thus which is now opening me, as the owner, up to liability under the European Communities (Electronic Communications Network and Services)(Privacy and Electronic Communications) Regulations 2011.

As for the connection between a new business name and the data breach. The connection is:

My business email address runs through my business domain, that is used by the Adobe Cloud Subscription as it is my business that is the subscriber.

When a domain is 'hacked' in this way, you basically have 2 options, you can get some very expensive software to run and filter the domain, employee some high tech people to clear your hacked domain of any malware or viruses and such, all of which is way too expensive for my business to afford or in order to register a new .ie domain, I need to create a new business, hence a new business name, obtain a new RBN and apply for a new .ie domain. Thus 'dumping' the previously hacked domain by letting it expire.

Apologies for the lengthy post, but does this clarify?

Why don't you get a quote for the 1st option and give it to Adobe. They have already asked you how much compensation you want.
You need to get back to your main focus of setting up your business quickly and not be distracted by legal action against one of the biggest IT companies in the world. You will come across many situations in your business where you will have a right to take legal action but in reality we must just get on with things.

I'm not an IT expert, but I don't think your email address is sending out the mailings. If it was, it's likely you would be now blacklisted by one of the anti spam services. So possibly there is some virus spoofing your address.

 

[RainyDay]

Hi Rainyday

Alternate viewpoints welcomed. But to answer your queries, the email that has been affected by the Adobe Breach, is my business email which is attached to a copyrighted and owned by my business domain, that is hosted on a dedicated server, does in deed have a very good anti spam service and I have always used it, however this is not the problem.

As a cloud subscription user, as I have to use their software for my business, Adobe retained private data, financial and personal info which was leaked during the Oct 2013 Security breach.

Following on from that, my business email is now full of scam/phishing emails, which I had never had to deal with in the past. My business email address is being used by, what I can only surmise, is some 3rd party direct mailing marketing company. This I know because my email is 'issuing' mailing lists which I have not set up or authorised as I do not use direct marketing in my business, thus which is now opening me, as the owner, up to liability under the European Communities (Electronic Communications Network and Services)(Privacy and Electronic Communications) Regulations 2011.

As for the connection between a new business name and the data breach. The connection is:

My business email address runs through my business domain, that is used by the Adobe Cloud Subscription as it is my business that is the subscriber.

When a domain is 'hacked' in this way, you basically have 2 options, you can get some very expensive software to run and filter the domain, employee some high tech people to clear your hacked domain of any malware or viruses and such, all of which is way too expensive for my business to afford or in order to register a new .ie domain, I need to create a new business, hence a new business name, obtain a new RBN and apply for a new .ie domain. Thus 'dumping' the previously hacked domain by letting it expire.

Apologies for the lengthy post, but does this clarify?

Thanks for the update. Maybe it's just me, but I'm still not getting it. The Adobe breach involved hacking of user information, including user ids, email addresses and encrypted passwords. Let's look at the two issues you raise.

1) Spam in your mailbox

I'm not clear if you are talking about incoming spam here, or if you email account has been used to send outgoing spam – you might clarify this.
If you are talking about incoming spam, then yes, it wouldn’t surprise me that you are getting more incoming spam than before, as a result of your email address having been exposed. However, your email address is most likely already exposed, on your corporate website and probably other places. It would be very difficult for any Court to prove that spam arose specifically from the Adobe breach.

I’m also finding it very hard to comprehend how ANY spam scenario is not being largely addressed by automated spam protection tools, leaving a few exceptions to be dealt with manually. I really can’t comprehend where any individual would have to spend several hours each day on an ongoing basis dealing with spam.

If you are suggesting that your email service has been hacked and used to send outgoing spam, this could only happen if

a) The encrypted passwords taken from Adobe have been decrypted, AND
b) You used the same password for your Adobe service as your email service.
​

I can’t find any suggestion in the press that the Adobe passwords have been decrypted, and even if they have, you contributed significantly to the problem by using the same password elsewhere.

2) Domain hacked
What evidence do you have that your domain has been hacked? What symptoms are you seeing? Did you have the same password for your domain management system as for your Adobe service?

 

[Jim2007]

Thanks for the update. Maybe it's just me, but I'm still not getting it...

You are not the only one! I doubt the Adobe lawyers will have much trouble dispatching this one and leaving the OP with a large bill...

 

[em_cat]

Hi RainyDay

Just to clarify, you are right the Adobe breach involved the above as you stated, however it also involved the leaking of financial records such as cc and or laser visa numbers and expiry dates, this was notified in writing to both me and my bank and was dealt with accordingly.

1) Spam/Scamming/Phishing

In my case both have happened, both incoming and outgoing....which leads to having been blacklisted in some cases and am having trouble getting emails to some clients which is problematic...

As far as a Court proving such, I have accurate detailed archive logs of all emails received and sent from the impacted email address going back to 2009, when I registered the .ie domain, as I have automatic archiving form the server. This is something I have to have as most of my clients are in the US and I have to keep incredibly good records.

So indeed under other email addresses such as my gmail which is not associated with my business email, I would of course had some level of 'spam' none of which particularly affected me in any way....

Let me first state here, I am in no way an IT professional, so some of the issues being discussed here are little above my head, so I have been consulting with some IT profs... so I will do my best to explain.

What I have been told, is that in order to combat what has happened, I have to enter in header full email header info onto a blacklist, which is very timely as I get somewhere between 200- 300 of these emails every 1-2 days. Also once you 'block' the emails ip and addresses, the scammers reroute through new proxy's and forged IPs so I have start entering them in again, an incredibly laborious process, which is why it takes me so much time, I simply can't afford to employee someone to do this for me.

In relation to passwords, I wish it had been as simple as using same ids and passwords for say Adobe and Email etc..., However not in my case, I have always used different passwords for everything as I am particularly pedantic and cautious and although I use the same email address for Adobe, Maxon, Chaos and Autodesk to contact me for billing and maintenance service agreements, they are the only software suppliers that use the same email address for the above purposes, however not to confuse with the login ID such as the Adobe ID, those are unique email addresses that get created as I can have unlimited email addresses.

Because the hackers obtained private data that Adobe has for me/my business they not only obtained my adobe ID, but also the contact email address which is the one that it is being affected as per the private data records Adobe had on me/my business. In addition to the same, the email address that is listed on my business website is the same domain, but not the same email address I use to communicate with clients and/or service suppliers.

Adobe stated that the passwords where encrypted, although I had read somewhere that the passwords may not have encrypted correctly, something to do with 'salting', but again this is way above my level of IP Tech...

2) Also to clarify, the hacking happened to my domain, I do have proof of this. I can't even begin to explain how, I just have the reports. But also, no the login info for the cPanel is entirely different. Believe me, I have no idea how all of this happened, but I can, with proof, trace it back to the Adobe Breach.

 

[em_cat]

You are not the only one! I doubt the Adobe lawyers will have much trouble dispatching this one and leaving the OP with a large bill...

I can understand why people are confused here, I am to, however Adobe has admitted liability and has actually apologised. So as far as leaving me with a large bill, I am a little skeptical about that. And as I originally stated, they have offered some level of pathetic compensation and to their credit, they have been trying to engage with me, I get a call every week from them, but as far as trying to explain exactly what the fallout has been, is pretty difficult for me.

 

[RainyDay]

Let me first state here, I am in no way an IT professional, so some of the issues being discussed here are little above my head, so I have been consulting with some IT profs... so I will do my best to explain.

What I have been told, is that in order to combat what has happened, I have to enter in header full email header info onto a blacklist, which is very timely as I get somewhere between 200- 300 of these emails every 1-2 days. Also once you 'block' the emails ip and addresses, the scammers reroute through new proxy's and forged IPs so I have start entering them in again, an incredibly laborious process, which is why it takes me so much time, I simply can't afford to employee someone to do this for me.

It sounds to me like you have been poorly advised. As you are finding out, this is a very impractical solution. No end user can go through this kind of blacklisting process for large numbers of emails on an ongoing basis.

You need to talk to whoever is advising you on this about practical solutions, or find another advisor.

I'm still confused as to why standard anti-spam tools aren't solving this problem for you by flagging up the spam emails before you ever see them. I'm also still confused as to how you can attribute the email spam directly to the Adobe breach.

Because the hackers obtained private data that Adobe has for me/my business they not only obtained my adobe ID, but also the contact email address which is the one that it is being affected as per the private data records Adobe had on me/my business. In addition to the same, the email address that is listed on my business website is the same domain, but not the same email address I use to communicate with clients and/or service suppliers.

Sorry, I'm still a bit confused here too. If you want to explore this further, you might want to give some examples, without identifying your domain. Tell us what email addresses were used and what email addresses were effected. You could use @em_cat.ie as the domain, for the purposes of this discussion.

Adobe stated that the passwords where encrypted, although I had read somewhere that the passwords may not have encrypted correctly, something to do with 'salting', but again this is way above my level of IP Tech...

Yes, the passwords were encrypted, but not hashed or salted, so it wasn't a very strong form of encryption. Most of the articles I checked suggested that decrypting them was a matter of time, but I couldn't find any actual suggestion that they had been decrypted.

2) Also to clarify, the hacking happened to my domain, I do have proof of this. I can't even begin to explain how, I just have the reports. But also, no the login info for the cPanel is entirely different. Believe me, I have no idea how all of this happened, but I can, with proof, trace it back to the Adobe Breach.

Up to yourself of course, but I don't see how you can attribute blame to Adobe. And if you can't explain it to me, don't expect a judge to get it.

I can understand why people are confused here, I am to, however Adobe has admitted liability and has actually apologised. So as far as leaving me with a large bill, I am a little skeptical about that. And as I originally stated, they have offered some level of pathetic compensation and to their credit, they have been trying to engage with me, I get a call every week from them, but as far as trying to explain exactly what the fallout has been, is pretty difficult for me.

Yes, I can understand why you've been having difficulty explaining exactly what the fallout is, because I'm really still not seeing the cause-effect connection between the two events.

 

[nai]

You can assume that your password has been hacked - the complexity of your password just determines the size of the hash list needed to reverse it. Here's a sample : http://grahamcluley.com/2013/11/top-50-passwords-adobe-security-breach/ I don't have a copy of the database but can get one if you want it

With regard to the anti-spam - what type of mail service do you use ?
Being blacklisted is a fact of life - you might want to look into some tools that monitor your status.
Blacklisting spammers is normally better left to other companies to provide that service so if you're not already on a mail service that provides all of that type of functionality - you should move to one. Or even look at something like www.antispam.ie - you will just need to change your MX entries.

With regard to the domain hacking - what were the symptons and how were/are you still affected ?

 

[em_cat]

You can assume that your password has been hacked - the complexity of your password just determines the size of the hash list needed to reverse it. Here's a sample : http://grahamcluley.com/2013/11/top-50-passwords-adobe-security-breach/ I don't have a copy of the database but can get one if you want it

With regard to the anti-spam - what type of mail service do you use ?
Being blacklisted is a fact of life - you might want to look into some tools that monitor your status.
Blacklisting spammers is normally better left to other companies to provide that service so if you're not already on a mail service that provides all of that type of functionality - you should move to one. Or even look at something like www.antispam.ie - you will just need to change your MX entries.

With regard to the domain hacking - what were the symptons and how were/are you still affected ?

Thanks Nai for your post. Thanks for the offer of the database copy, but I don't really need one at present. Yes, I knew the password was hacked, it was immediately reset by Adobe and then by me.

Previous to Oct 2013, this email address was never blacklisted as I do not send out mailing lists of any kind, its not really necessary for me to do so. I found out about being blacklisted from a client's it dept when I was sending an important email regarding a project I was working on for them, that was the first time ever and it happened in Dec 2013.

Prior to Oct 2013 I never needed to use a very specific anti spam as this email address, nor had any of the others, hosted by my domain showed any type of need for such measures. On the rare occasion I know I used the whitelist/blacklist functionality under my cPanel options and that was fine until Oct 2013. AS I have previously stated, I have every email from every mailbox archived on an external drive server, this is because I have and ISO filing and record keeping system in place because of my client base.

I have been looking into www.antispam.ie as blacknight are my domain hosting providers so it would make since, however the tech support in blacknight where pretty good at helping me with some of these issues and they too can confirm that prior to Oct 2013, having to use a system like www.antispam.ie was not necessary for me. Also, as I understand the antispam is €30ex VAT per annum, per mailbox which will be very costly for me as I have a lot of mailboxes and they say it is essential to use it on all the mailboxes associated with the domain to be effective.

As far as the domain hacking, an example I can give, with my domain, I host 3 Digital Asset Management Systems, individually tailored to 3 clients. A client informed that some non approved images where found online on a website, and to clarify, under the DAM there are approved images for use, say in a clients design guide, this enables them to use them in their company promotions and such, and this case it happen to relate to patenting design. Anyway, After the client doing an internal check and after informing me, I did a check via the logs from the DAM and was able to trace when the 'unapproved' image was downloaded and so on a so forth. Anyway this is a major problem as the DAM's have to be heavily secured so that only approved people can access them.

Another symptom, is one of my clients websites is hosted under my domain, and their website has started to do multiple redirections, not when someone lands on the homepage, but when they search for a product all of a sudden they are redirected to some site that was not what they intended to be on. I have gone thru the code for the entire site, which is mostly php and some html5. I was able to sort that out pretty quickly, however 2 weeks later it happened again to the same website and then 2 more.

And yes, I am still being affected, most noticeably, the DAM's are 'misbehaving' and also I seeing some source code that has been added to other websites under my domain as well as in my own...This is a constant battle. And as I previously stated, blacknight advised me that one option is to dump the domain, but thats all well and good, however that then requires a rebranding for me and reregistering with the CRO.

 

[RainyDay]

Previous to Oct 2013, this email address was never blacklisted as I do not send out mailing lists of any kind, its not really necessary for me to do so. I found out about being blacklisted from a client's it dept when I was sending an important email regarding a project I was working on for them, that was the first time ever and it happened in Dec 2013.

Prior to Oct 2013 I never needed to use a very specific anti spam as this email address, nor had any of the others, hosted by my domain showed any type of need for such measures. On the rare occasion I know I used the whitelist/blacklist functionality under my cPanel options and that was fine until Oct 2013. AS I have previously stated, I have every email from every mailbox archived on an external drive server, this is because I have and ISO filing and record keeping system in place because of my client base.

I have been looking into www.antispam.ie as blacknight are my domain hosting providers so it would make since, however the tech support in blacknight where pretty good at helping me with some of these issues and they too can confirm that prior to Oct 2013, having to use a system like www.antispam.ie was not necessary for me. Also, as I understand the antispam is €30ex VAT per annum, per mailbox which will be very costly for me as I have a lot of mailboxes and they say it is essential to use it on all the mailboxes associated with the domain to be effective.

What email client do you use - Outlook? or other?

As far as the domain hacking, an example I can give, with my domain, I host 3 Digital Asset Management Systems, individually tailored to 3 clients. A client informed that some non approved images where found online on a website, and to clarify, under the DAM there are approved images for use, say in a clients design guide, this enables them to use them in their company promotions and such, and this case it happen to relate to patenting design. Anyway, After the client doing an internal check and after informing me, I did a check via the logs from the DAM and was able to trace when the 'unapproved' image was downloaded and so on a so forth. Anyway this is a major problem as the DAM's have to be heavily secured so that only approved people can access them.

Another symptom, is one of my clients websites is hosted under my domain, and their website has started to do multiple redirections, not when someone lands on the homepage, but when they search for a product all of a sudden they are redirected to some site that was not what they intended to be on. I have gone thru the code for the entire site, which is mostly php and some html5. I was able to sort that out pretty quickly, however 2 weeks later it happened again to the same website and then 2 more.

And yes, I am still being affected, most noticeably, the DAM's are 'misbehaving' and also I seeing some source code that has been added to other websites under my domain as well as in my own...This is a constant battle. And as I previously stated, blacknight advised me that one option is to dump the domain, but thats all well and good, however that then requires a rebranding for me and reregistering with the CRO.

Why do you link this hacking to the Adobe leak?

 

[Jim2007]

I can understand why people are confused here, I am to, however Adobe has admitted liability and has actually apologised.

Over the years I've been involved in fixing several hacking incidents and as far as I can see the hacking of your account at Adobe can not be the cause of all the issues you are having! Companies get hacked all the time and it does not lead to them having to take all the measures you are describing to put it right.

Adobe have admitted responsibility for what went wrong on their side, but that does not mean they are going to foot the bill for any of what you are claiming is the result of that incident.

My account at Adobe was exposed too and I did what most other people did - changed the password and cancelled the CC and that was an end to it. It had no impact on any of my domains or email account.