Adobe Data Breach Far Worse Than Initially Reported

Dennis Faas's picture

Adobe has admitted that a recent breach of its servers was far more serious than first suspected. It's now believed that the personal information of roughly 38 million users may have been stolen. The high-profile security breach could hinder Adobe's plans to sell its software on a subscription basis.

Earlier this month, Adobe confirmed that hackers had stolen credit card records for almost three million of its customers. It also said an unknown number of usernames and passwords had been taken.

But this past weekend a website posted a file that contained more than 150 million usernames and passwords. (Source: bbc.co.uk)

Nearly 40 Million Active Users Affected

Adobe now says that it has been able to identify 38 million active users whose login details were stolen in the attack.

It believes many of the other details in the file are for outdated accounts that haven't been used for a couple of years; accounts that were invalid; or accounts created by Adobe for testing purposes. (Source: cnet.com)

The good news is that both the credit card records and the log-in details were encrypted. That will mean it could take some time for the hackers to use the stolen information.

But Adobe isn't taking any chances. The firm is contacting all active users to inform them of the breach and says it's resetting the password for every account involved in the attack. Even passwords for inactive accounts have been reset.

The reason: hackers are often interested in inactive user names and passwords because so many people use the same details for multiple sites.

It also appears the hackers stole the source code for several Adobe applications, including Acrobat and Photoshop. That could be hugely valuable information for producers of rival software.

Adobe Offers Free Credit Monitoring to Victims

Although there's no evidence yet that the thieves have been able to decrypt and use the stolen credit card data, Adobe is offering one year of credit monitoring through Experian for all customers affected by the attack.

The breach comes at a bad time for Adobe, which has recently switched to a subscription payment model aimed at allowing users to access tools like Photoshop without having to pay huge up-front costs. That means it will have to rely on customers trusting it with payment details.

Rate this article: 
No votes yet