The purpose of this notification is to provide information about a recent security breach of the Adobe customer database and the potential impacts to members of the Queen's online community.

In October 2013, Adobe Systems Inc. suffered a cyber attack, during which their database of 38 million usernames and passwords was stolen and subsequently posted online. While the passwords were encrypted, the method of encryption did not follow industry best practices. Additionally, passwords were stored with users' password hints, which were inadequately encrypted and often weak, and could therefore be easily exploited.

While Adobe took immediate action to reset passwords for the compromised accounts and notify account holders, we are advising anyone with an Adobe ID to consider if they have used the same password for their NetID, or any other online account. If so, those accounts may be at risk.

If a hacker is able to access a compromised account, the potential implications include:
- using the account to send spam, viruses or malware
- identity fraud
- theft of bank funds or fraudulent credit card purchases
- using the victim’s account to access networks at their workplace to conduct widespread attacks

Recommended actions:

1. Change passwords for all Adobe accounts.

2. Use different passwords for all online accounts. If you have the same password for multiple accounts, change your passwords as soon as possible.

3. Monitor your financial accounts, particularly those used to purchase Adobe products online.

4. Remember to always use strong passwords that are hard to guess and do not use dictionary words.

5. Ensure that your Adobe products are up-to-date and fully patched.

For more information:

Please refer to Adobe's security alert here: http://helpx.adobe.com/x-productkb/policy-pricing/ecc.html

Additional bulletin from the CCIRC: http://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2013/al13-004-eng.aspx