The security breach into Adobe's web servers leading to compromised user names, email addresses, encrypted credit card numbers and more, is actually worse than originally thought. The security experts over at Krebs on Security say hackers gained access to at least 38 million accounts, a whopping difference from the 3 million number Adobe first provided.
Adobe announced the security breach at the beginning of October and as a precaution reset customer passwords to help prevent unauthorised access to Adobe ID accounts, "We’re working diligently internally, as well as with external partners and law enforcement, to address the incident," the company said at the time.
AnonNews.org reportedly posted a huge file called “users.tar.gz” to the net over the weekend, holding 150 million username and hashed password sets taken from Adobe. It's not clear how well the information has been encrypted and if it's even crackable, but nonetheless a scary situation for users.
Heather Edell, a spokeswoman for Adobe, told Krebs on Security: “So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users. We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
For customers who had their encrypted payment information taken, Adobe said it will offer the option of enrolling in a one-year complimentary credit monitoring membership. Those customers will be promptly notified by Adobe "with additional information on steps you can take to help protect yourself against potential misuse of personal information about you".
Adding more to the situation, Adobe says Photoshop source code was taken in addition to InDesign, Illustrator, After Effects, and several mobile apps. This will give hackers insight into Adobe's secret products.