Skip to main content

Adobe hack much bigger than first reported, 38 million accounts affected

Adobe Headquarters
The Adobe security breach that took place at the start of this month was bigger than first thought — much bigger.

While the U.S. software giant originally said 2.9 million accounts had been compromised, it emerged this week that it now believes around 38 million accounts were affected.

Related Videos

Adobe said at the time of the breach it was likely that data including customer names, encrypted credit and debit card numbers, expiration dates, and other information relating to customer orders had been obtained by hackers.

It also revealed that a number of Adobe IDs and encrypted passwords from a different database had also been accessed. This week the company said that it was from this database that around 38 million records had been taken.

And the hackers didn’t stop there. According to the software company, they also got their hands on part of the source code for its big-selling image-editing software, Photoshop. When news of the security breach broke earlier this month, Adobe said source code for a number of its other products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, had also been stolen.

Commenting on why the company has taken so long to communicate the full extent of the hack, an Adobe spokeswoman said, “In our [original] public disclosure, we communicated the information we could validate.”

She explained, “As we have been going through the process of notifying customers whose Adobe IDs and passwords we believe to be involved, we have been eliminating invalid records. Any number communicated in the meantime would have been inaccurate.”

Adobe has since reset passwords on accounts it believes have been affected by the attack and has been sending out emails to these customers explaining how they can change their password to one of their choosing.

The company also strongly advised users to change their passwords on any other website where they may have used the same user ID and password as their Adobe account.

Writing about the incident at the beginning of October, Adobe chief security officer Brad Arkin said “cyberattacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers.”

The spokeswoman said that so far there’s no evidence of suspicious activity on user accounts affected by the security breach, adding that the investigation is ongoing.

[via BBC]

Editors' Recommendations

How much is the hacked Yahoo database worth? Try $300,000
yahoo email spying lawsuit news sign

It's been yet another bad week for Yahoo, the perpetually beleaguered internet giant based in Sunnyvale, California. This past September, we learned of an enormous 2014 hack into its user database that compromised 500 million accounts. That would be the tip of the iceberg, as this week another larger hack came to light -- a staggering billion accounts were hacked in 2013.

When you're dealing with numbers of this size, a lot of money goes along with it. The New York Times says that last August, a shadowy "hacking collective in Eastern Europe" began offering the hacked data for sale -- this from Andrew Komarov, who is chief intelligence officer at InfoArmor, a cybersecurity outfit out of Arizona that deals in "advanced threat intelligence" and monitors the seamy areas of the internet that are populated by crooks, scammers, spammers, and spies. The Times says that "two known spammers and an entity that appeared more interested in espionage paid about $300,000 each for a complete copy of the database."

Read more
Yahoo was hacked in 2013, and more than 1 billion accounts were compromised
verizon yahoo acquisition 5 billion version 1469435806 offices headquarters hq sign logo

Yahoo is already dealing with some customer distrust issues thanks to a hack that took place in September, and now new information about another hack has emerged and could really be the final nail in the long overdue Yahoo coffin.

The company has disclosed a hack that took place way back in August 2013, in which hackers obtained data from a stunning 1 billion accounts. Yahoo claims this information could include names, email address, phone numbers, dates of birth, encrypted passwords, and even the answers to some security questions, both encrypted and unencrypted.

Read more
Confirmed: A hacker accessed records of more than 500 million Yahoo accounts
yahoo 500 million accounts hacked on tablet

Following reports Thursday morning of a massive Yahoo security breach, the embattled internet giant confirmed the worst this afternoon: personal records associated with hundreds of millions of accounts had been compromised in one of the worst cybersecurity breaches this year. According to a statement on a Yahoo FAQ webpage, a "state-sponsored actor" scraped the names, email addresses, telephone numbers, dates of birth, and passwords associated with more than 500 million Yahoo accounts as recently as 2014.

Yahoo said there is no evidence the responsible party still had access to its network or internal services. Furthermore, it said not all accounts were compromised, and that some details, such as bank account numbers and credit card data, do not appear to have been targeted. But the company said that out of an abundance of caution, it had taken steps to inform affected users of the breach and invalidated unencrypted passwords and security questions. It also urged account holders who had not changed their passwords since 2014 to do so, and encouraged all Yahoo users to change their security questions and answers and review their accounts for "suspicious activity."

Read more