Today Adobe released a bulletin stating that 2.9 million Adobe customer’s data has been stolen from their systems:
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
Reading some comments from around the web some people make the argument that with so much money Adobe should not have this kind of issues but the reality is that security is a very complex subject. We do not know details on how the data bridge was performed which it will be interesting to find out in the near future.
This hits close home since currently I am working on an application that requires extra care, specially with user’s data and altho the data can be encrypted there is always the risk of some trying to access data and it only takes decrypting one string in order to get the key to decrypt the rest.