Adobe attack actually compromised 38 million accounts

The security breach that affected Adobe accounts was much more widespread than first thought, with 38 million accounts compromised.

Lexy Savvides Principal Video Producer

The original report from Adobe found that 2.9 million user accounts had been compromised, with attackers gaining access to customer IDs, encrypted passwords and source code for a number of Adobe products, including Acrobat. Encrypted credit card information and order information were also obtained in the breach.

It has since been revealed that 38 million accounts were affected, exposing usernames and encrypted passwords. Security website Krebs on Security reported on the update, also saying that the attackers may have accessed Photoshop source code.

Speaking with CNET Australia's sister site CNET, Adobe spokesperson Heather Edell confirmed the figure of 38 million accounts. "So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid) encrypted passwords for approximately 38 million active users," she said. "We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident — regardless of whether those users are active or not."

"We are still in the process of investigating the number of inactive, invalid and test accounts involved in the incident," Edell said. "Our notification to inactive users is ongoing." Edell also mentioned that there was no indication of any unauthorised activity on affected accounts.

Adobe has provided an updated customer security alert with more information for users. Since the attack was first identified, Adobe has automatically reset passwords on affected accounts and notified users via email.

At the time of identifying the initial breach, Adobe said that it would offer users the option of a one-year free credit monitoring membership.