Adobe officials earlier this month confirmed that the company was the victim of a long term network breach which exposed consumer data including passwords and credit card information, as well as exposing the source code for some of their leading products.
“Adobe’s security team recently discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident,” the company stated.
Initial reports indicated that the company believed that as many as “2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
Adobe now says that their “investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users.”
The company says it is still in the process of alerting effected customers, and that the investigation into the breach is still underway.
Adobe initially acknowledged the breach after Brian Krebs of KrebsOnSecurity had connected the incident to a recently discovered compromise of multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background America.
During his investigation into the identity theft ring behind the breaches, Krebs discovered a bounty of stolen source code for Adobe’s ColdFusion Web application platform, and possibly also for its Acrobat products. Adobe now believes that Photoshop and Reader source code was also exposed.
Read More Here…