A few weeks ago, Adobe – the company behind Photoshop, Acrobat, Illustrator, and other Creative Cloud software solutions – announced that it had been the target of a large-scale private data breach. According to Adobe reports at the time, just short of three million Adobe users had had their usernames, passwords, and possibly credit card information compromised.
That’s quite a strike against the security of one of the most prominent software developers in the world. But the news for Adobe (and its users) gets worse: further investigation revealed that the number of users whose private data was hacked is closer to 38 million. That’s over three times the original estimate of the attack.
Adobe Privacy Breach: Hacked Data Comes to Light
At the beginning of the month, cyber security experts accessed a large chunk of data stored on server space belonging to known cyber criminals.
What they found appeared to be data gleaned from Adobe’s internal data banks – at first glance, some source code for Adobe Acrobat and ColdFusion – along with what looked to be username and password data for people with Adobe ID accounts.
The data was brought to Adobe’s attention, and they acknowledged quickly that a data breach had occurred. In an interview with Krebs on Security:
Adobe confirmed that the company believes that hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.
Adobe went on to promptly send out notices to all 2.9 million affected parties to change their passwords. The company did not believe any unencrypted credit card data had been acquired by the hackers, but they nonetheless offered free credit monitoring service to the affected parties.
Did We Say 2.9 Million? We Meant 38 million
2.9 million user accounts would be bad enough but that a few short weeks later, Adobe’s estimation of the hackers’ impact tripled. Yes, tripled.
Further probes by security types revealed that there were at least 150 million username-password pairs compromised, and that some 39 million of those belong to active users – people who are using their Adobe IDs to purchase new software or access Adobe’s Creative Cloud.
And it might just keep growing, says Consumerist:
The pool of affected Adobe users could grow as the company investigates further. It says that many of the IDs and encrypted passwords accessed during the hack were no longer valid. Regardless, Adobe says it is still trying to track down and notify those inactive customers.
Aside from the customer data breaches, however, Adobe has another security concern: it seems that in addition to Acrobat and ColdFusion, the source code for the extremely popular Photoshop may have been part of the data breach.
Adobe Has Its Hands Full
It sounds as though Adobe is, to its credit, making a sincere effort to protect its users from credit card fraud and hacking, and being upfront with users about the state of things. Currently, it’s uncertain if the hackers have actually used the stolen data to access anyone’s account.
But if you have an Adobe ID, even one you haven’t used in a while, now might be a good time to change your password.
Have you lost personal information in a data breach where the company holding your data wasn’t as forthcoming about the breach? File a Complaint with us.
Student Identity Theft: Stanford University Compromised in Massive Data Breach
Scam Alert: Cell Phone SIM Cards Hacked, May Put You at Risk for Identity Theft
How To Deal with a Security Breach and Protect Your Private Info