Adobe Has Been Hacked. Millions of IDs, Passwords, & Payment Information Potentially Affected
If you've been one many who has jumped on the Adobe bandwagon in the past few years, especially with the new Creative Cloud version of their software suite, some of your information may have just been compromised. Adobe announced today that their servers were hacked and at least 2.9 million users have been affected. Information such as IDs and passwords, as well as credit and debit card numbers, may have been accessed and/or compromised. Check out more from Adobe and what you can do about the situation if your account information has been stolen.
Here's what they said about the hacking on their blog (emphasis mine):
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:
- As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
- We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
- We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
- We have contacted federal law enforcement and are assisting in their investigation.
So what it looks like is that all of the credit or debit card information they believe has been accessed is still encrypted, and nothing that had been decrypted was accessed. While it seems the passwords were encrypted, they are taking the extra step of resetting those passwords, and if you were one of the people affected, you should be getting an email. The same goes for those who have had credit or debit information accessed -- you'll be getting an additional email from Adobe.
They also believe that source code was hacked for a number of programs:
Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.
Obviously this isn't a good development for a company that has faced quite a bit of backlash over its new Creative Cloud-only software options. They still have not addressed many of the concerns about accessing your old projects in the future if you stop paying, though they have done a very good job releasing significant updates well before they would have with older versions of CS (which is one of the reasons they had stated for moving to Creative Cloud versions of software).
If you were affected, you should be getting an email soon from Adobe about the situation and what you can do to help better protect yourself from any sort of identity theft or fraudulent charges.
- Important Customer Security Announcement -- Adobe Blog
- Illegal Access to Adobe Source Code -- Adobe Secure Software Engineering Team (ASSET) Blog