1 Reply Latest reply on Mar 17, 2012 3:38 AM by BKBK

    How to prevent ColdFusion serial number from being stolen?




      Today it was the fifth time my Adobe account was hacked in order to transfer my serial numbers to a different account. Adobe says they cannot prevent this from happening, as their security protocal instructs them to change the password to adobe123 as soon as anyone asks by phone or chat.


      What happens is that the hacker first contacts Adobe to ask "which account they registered serial number xxx to" (recorded from a previous hack), then they contact support again to ask for a password change. Adobe will invariably grant this, one way or the other. This time around I put my serials on my mothers' name and address, and plastered my Adobe account details with warnings like ADOBE SUPPORT PLEASE DO NOT CHANGE MY PASSWORD and a secret question/answer combination in the address field. That, however, did not stop Adobe from changing my password again on behalf of a hacker. I don't know what else I can do if Adobe doesn't take this problem seriously and updates their security.


      I have been checking my account every day for the past few months just to respond quickly whenever the hack occurs. Frankly, I am getting tired of putting so much time and energy into protecting my serials. I have asked Adobe to update their security protocols so many times now, but since these are centrally set they always tell me they cannot do anything about it. I am extremely upset by this practice, even though Adobe has always made things right (until the next hack attempt) by creating a new account and transferring my licences. Just the time and energy wasted in checking daily if my account has been hacked and then following up with various levels of Adobe support is not worth it. I am thinking of doing something drastic, like switch to Railo altogether, sue Adobe for facilitating hackers, write a letter to Adobe CEO, or anything just to get their attention and actually do something about this.


      For me an extra complicating factor is that I live in Europe, spend most of my time in Asia, while ColdFusion for all means and purposes is really only a known product by Adobe US (it took me a while one time to convince an Adobe representative that ColdFusion is a name of their product, not of my company...). Adobe is structured by contintent, so as soon as I call from a different location then where my credit card is registered or where the serial number is from, they get hopelessly paralized.


      My question to you is the following: is there anyway with the same problem who would like to help me force Adobe to update their security protocols and take the security of their customers more seriously?