Adobe hack far worse than originally thought, 38 million users hit


posted Wednesday, October 30, 2013 at 2:02 PM EDT


Earlier this month news came out that Adobe was hit by a major security breach, with personal information from 2.9 million users affected. Now it seems that the situation is much, much worse than was originally believed. A new report indicates that data from at least 38 million users was stolen — an order of magnitude more than the first claims.

This comes from the Kreb on Security blog, who were the first to find out about the original data breach. Now, the new information comes from an enormous trove of data posted on an anonymous news page, which seems to include "more than 150 million username and hashed password pairs taken from Adobe." Apparently Adobe has already been contacting users whose accounts may have been compromised, suggesting they change passwords. They also suggest that a great many of the stolen IDs are inactive, or test accounts, and that no fraudulent activity has been spotted yet. According to a spokesperson:

“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active user. We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”

Alongside the news of the customer security breach possibly being much larger than originally guessed, it also seems the loss of source code may have been greater than thought, too. Originally it was believed that source codes for Adobe Acrobat, Reader and the ColdFusion Web application platform were stolen, but now it seems that those for Adobe Photoshop were also taken.

Even if you haven't been contacted by Adobe, now's probably a good time to change your password anyway. Just in case.

(via The Verge)