Adobe suffered a major security breach as hackers managed to gain access to passwords and other sensitive information belong to around 2.9 million customers while also getting access to source code for several of Adobe's most popular applications. Full details at ARS Technica.
Adobe dropped the bombshell revelation shortly after KrebsonSecurity's Brian Krebs reported that the hack began sometime in mid August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed its ColdFusion Web application software and its Acrobat document program were among those that were stolen.
The Acrobat software family, which is intimately linked to the nearly ubiquitous Reader application, has long been a favorite target of malware developers looking for ways to sneak their malicious wares onto people's computers. The specter of hackers having full access to the raw source code of those applications is troubling, because it could make it easier to identify bugs that can be surreptitiously exploited in drive-by website attacks.