ADOBE said yesterday that the scope of a cyber-security breach disclosed nearly a month ago was far bigger than initially reported, with attackers obtaining data on more than 38m customer accounts.
The software maker also said that hackers had stolen part of the source code to Photoshop editing software that is widely used by professional photographers.
The company disclosed the breach on 3 October, saying attackers took credit card information and other data from nearly 3m accounts.
Adobe also said that the hackers accessed an undisclosed number of Adobe IDs and encrypted passwords that were stored in a separate database. It has now revealed that about 38m records from that database were stolen.
Spokeswoman Heather Edell said Adobe believes the attackers also obtained access to “many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords and test account data”.
Even though the company believes the stolen passwords were encrypted, the attackers may have been able to access them in plain text by one of several methods, including breaking the algorithm that Adobe used to scramble them, said Marcus Carey, a security researcher.
City A.M. Reporter