Adobe Hack Was Much Worse than Previously Reported – 38 Million Accounts Affected

Remember adobe-logoearlier this month when Adobe revealed that someone had hacked the software giant’s servers and stolen info on 2.9 million customers? It turns out the leak was significantly larger - by over an order of magnitude, in fact.Brian Krebs of Krebs on Security is now saying that the leak has impacted at least 38 million users, a group 13 times as large as previously announced. And that's not all.

Besides the hacked accounts, Krebs' sources at Adobe are saying that the hackers made off with some or all of the source code for Photoshop. This is in addition to the massive (over 40GB) amount of source code already uncovered, including source code for  Acrobat, Cold Fusion, Adobe's web app platform, and Reader.

Yes, someone made off with a copy of the source code for a PDF reading app that has grown uglier and less useful with each release. If we are lucky the hackers might be planning to release a new and improved version of the app.

Over the weekend AnonNews.org posted a 3.8 GB file online that Krebs says looks identical to the stash of stolen Adobe info he stumbled upon earlier this month. It contains more than 150 million username and hashed password pairs, raising serious questions just how many accounts were compromised.

anonnews153kk[1]

Adobe has been contacting all the customers that might have been affected with a warning and a request that passwords be changed. Pretty much everyone who has bought an ebook with Adobe DE DRM got that email, including me.

They have also offered a free year of credit monitoring for any customer whose credit card info may have been stolen. Of course, this offer is only good via Experian, which has its own history of selling consumer info to an online identity theft service.

The latest word from Adobe is that there was no sign that there has been any unauthorized activity on any Adobe ID involved in the incident. “So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Adobe spokesperson Heather Edell said. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”

The investigation is continuing, so the number of affected users could still grow.

About Nate Hoffelder (11579 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:"I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

1 Trackbacks & Pingbacks

  1. Adobe Responds to ALA on Spying Scandal With Fictitious and Misleading Statements - The Digital Reader

Leave a comment

Your email address will not be published.


*