Adobe Breach Affects 2.9 MillionAttackers Accessed Customer Data, Product Source Code
Adobe is notifying 2.9 million customers that their personal information, including encrypted payment card numbers, has been compromised as a result of a breach of the software company's network. Source code for numerous products also was illegally accessed, the company confirms.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Brad Arkin, chief security officer at Adobe, made the announcement Oct. 3 in a blog post on the company's website.
"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products," he said. "We believe these attacks may be related."
Adobe says the attackers accessed customer IDs and encrypted passwords on its systems. The attackers also "removed from our systems" certain information on 2.9 million customers, including names, encrypted credit or debit card numbers, card expiration dates and other information relating to customer orders, Arkin said.
"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems," Arkin said. "We're working diligently internally, as well as with external partners and law enforcement, to address the incident."
Adobe is resetting customer passwords to aid in preventing unauthorized access to Adobe ID accounts, the blog post said.
The company is also notifying customers whose payment card information was involved in the incident, offering them the option of enrolling in a one-year free credit monitoring membership, according to the blog post.
Source Code Compromised
Adobe is also investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party.
"Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," Arkin wrote in a second blog post.
The company isn't aware of any zero-day exploits targeting its products, but it's recommending customers apply all available security updates.