Adobe Hack ‘Affected 38 Million Users’

A security breach at software giant Adobe had a significantly wider impact that had initially been feared, with 38 million said to have had encrypted passwords stolen.

An investigation by Brian Krebs earlier this month found three million users may have had their encrypted credit card details and other personal data accessed by hackers, but a file published on the AnonNews.org website, aimed at Anonymous members, contained allegedly stolen data that indicates many more logins for Adobe products were also taken.

Adobe breach worse than thought

Adobe admitted many of the 38 million logins were for active users as well as inactive customers.

“Our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” a spokesperson told Krebs.

Customers have now been told to reset their passwords, as Adobe continues to investigate the situation. It is not believed any of the affected credentials have been used to access customer accounts.

The software provider may also have further issues with source code leaks. Initially, it was thought only a handful of products were affected, including Acrobat and Reader, but it is now believed the massively popular Photoshop had its source code nabbed.

“Our investigation to date indicates that a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on 3 October,” the spokesperson added.

It remains unclear how the hackers actually gained access to Adobe systems. It is believed the same attackers compromised systems at PR Newswire, a press release aggregator.

Other companies’ data was resident on the hackers’ server analysed by Krebs and a colleague from Hold Security, meaning further revelations are likely.

Are you a security expert? Try our quiz!