Adobe reported what it called a “sophisticated” cyberattack on its network where hackers gained unauthorized access to confidential customer information including IDs and encrypted passwords. The hack affects some 2.9 million customers worldwide, the company estimates.
Information accessed in the attack includes names, encrypted credit or debit card numbers, expiration dates, and order information. Adobe does not believe the criminals removed decrypted credit or debit card numbers from company systems, however.
This security breach extended to Adobe source code for numerous products such as Acrobat, ColdFusion, ColdFusion Builder, and other company products, Adobe said. According to a blog entry, Adobe believes that the two security violations are related.
In addition to contacting and assisting law enforcement, Adobe says it’s resetting relevant customer passwords. Customers whose user ID or passwords were affected will be notified via email and instructed to change their passwords. Adobe also advises changing passwords on any website where customers may have used the same user ID and password as their Adobe account.
The company will also notify customers whose credit or debit card information may have been compromised. Those customers will receive additional instructions about how to guard against credit card fraud. In addition, Adobe says U.S. customers whose information was compromised will be offered the option of enrolling in a one-year complimentary credit monitoring membership where available.
Adobe reports it has notified the banks involved in customer payments for Adobe, so that the company can work with the credit card companies and card-issuing banks to help protect customers’ accounts.