Adobe hackers behind breach at PR Newswire – but company claims “no fake releases” have gone out

The global press release distribution firm PR Newswire has admitted to a large-scale breach, in which usernames and passwords were stolen – but claims hackers have not sent out “fake” releases, which can be used to manipulate financial markets or cause other disruption.

The breach was uncovered by security reporter Brian Krebs, and reported on his blog, Krebs on Security. Krebs says that the breach is tied to the attackers who broke into Adobe’s systems – the stolen data was found on the same servers that hosted source code stolen from Adobe.

Krebs says that the stolen data appears to date from March. PR Newswire is alerting affected customers and initiating password resets. Ten thousand accounts were on the database, and these appear to be firms in Europe, the Middle East and Africa, Krebs said.

PR Newswire says that the data has not been used to send out “fake” press releases – a highly powerful tool in the hands of criminals.

Last week, Cision AB, a press-release company, published a “completely false” release about Samsung buying a small biometrics firm. The news was republished around the world, and shares in the company soared. The case is currently being investigated by police, according to a report by Engadget.

“There has been no major fallout, but the ramifications could have been serious. If a hacker compromised a PR Newswire account and began disseminating false information, it could seriously affect the share price of the related firm,” said TechWeekEurope in a report.

“PR Newswire has protocols and redundancies in place that are designed to minimize the risk of distributing fraudulent press releases, including both technological and human safeguards prior to issuing any release,” the company said in a statement.

“The database contains approximately 10,000 records; however, there is only a minority of active users on this database. Those users represent an even smaller number of customers, as each customer generally has multiple usernames. PR Newswire decided to implement a mandatory password reset for all customers with accounts on this database as a precautionary measure.”

The data stolen from PR Newswire was tiny in comparison to the breach suffered by Adobe, which ESET researcher Stephen Cobb described as “unprecedented” – not only did the attackers gain access to 2.9 million usernames and encrypted passwords, source code was also stolen for Adobe products.

Cobb said that this attack was “pretty much unprecedented” in terms of the potential risks it posed.

“We have seen previous breaches of customer information that were bigger than this, but if, as Brian Krebs suggests, the source code of Adobe Acrobat has been compromised, that would be pretty much unprecedented.”

“According to Adobe’s own figures, there are hundreds of millions of instances of Adobe Reader and Acrobat, across all major computing platforms, including Windows, Mac, iOS and Android,” Cobb says. Access to the source code could be a major asset for cybercriminals looking to target those platforms.

Krebs claims that Adobe and PR Newswire are by no means the only companies targeted by this group – and says further revelations are forthcoming.

Author , We Live Security
