Adobe: At least 38 million users impacted; Photoshop source code accessed by hackers

By  | 


@ 21:09 GMT
Wiebke Lips, Sr. Manager Corporate Communication at Adobe, has clarified in an emailed statement that Adobe is still investigating the security breach and the information pertaining to 2.9 million users, as initially disclosed in a public disclosure remains unchanged.

Lips further clarified that its ongoing investigation indicated that the attackers accessed Adobe Customer IDs and encrypted passwords and as a precautionary measure Adobe reset all relevant passwords to prevent unauthorized access to Adobe ID accounts.

Original Story

The security breach which tore apart Adobe’s defenses earlier this month has reportedly impacted over 38 million active users. and not 2.9 million users as originally claimed.

According to a report on KrebsOnSecurity, Adobe has confirmed that hackers have managed to steal details of at least 38 million users. The details believed to have been stolen includes Adobe IDs and (at that time) valid encrypted passwords of those active users. Adobe spokesperson Heather Edell said that the company has finished with its campaign of notifying affected users. However, Brian Kerbs notes that he came across a file on AnonNews.org that seems to have 150 million username and hashed password combinations from Adobe.

“We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not”, Edell said.

The report also claims that the limits of the source code breach may have broadened as a recent posting on AnonNews.org includes a file that seems to have source code for Adobe Photoshop. The source code theft was originally believed to be limited to Adobe Acrobat and Reader, and ColdFusion Web Application platform.

Edell confirmed the same and wrote, “Our investigation to date indicates that a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3.”

Editor’s Note: Updated at 21:09 GMT with clarifications regarding the 2.9 million customers whose data may have been stolen during Adobe breach.