Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Adobe Hacked, Data for Millions of Customers Stolen

Unknown attackers made off with encrypted credit card info, user names, passwords, and source code for Adobe products, the software company says.

October 3, 2013
Adobe Logo

Adobe said Thursday that it recently suffered a massive security breach which compromised the IDs, passwords, and credit card information of nearly three million customers.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders," Brad Arkin, Adobe's chief security officer, wrote in a security alert.

Arkin said the unknown attackers made off with encrypted credit and debit card numbers, "[a]t this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems."

The software firm also said "source code for numerous Adobe products" was stolen in a separate intrusion that could be related to the theft of customer information.

Adobe said it had alerted federal law enforcement authorities of the attacks as well as informing its banking and payment processing partners. The company said it would reset "relevant customer passwords" as a precaution, with affected customers due to receive email notifications instructing them to change their Adobe passwords. Arkin also recommended that any affected customers who use the same password for other sites as they do for Adobe change their login details for those other sites as well.

The company said customers whose credit or debit card information was compromised would be offered a year's membership in a credit monitoring service courtesy of Adobe.

"We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you," Arkin said.

Adobe did not specify which of its products were compromised in the source-code theft, but Brian Krebs of the Krebs on Security blog, which reported the security breach several hours before Adobe officially acknowledged it, said the "ColdFusion Web application platform and possibly [the] Acrobat family of products" were among those affected.

Krebs said that last week, he and fellow security researcher Alex Holden of Hold Security "discovered a massive 40GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet, and Kroll Background America." The collection of compiled and uncompiled code "appeared to be source code for ColdFusion and Adobe Acrobat," he reported.

For more, check out Security Experts Weigh In On Adobe Hack.

Get Our Best Stories!

Sign up for What's New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Damon Poeter

Reporter

Damon Poeter

Damon Poeter got his start in journalism working for the English-language daily newspaper The Nation in Bangkok, Thailand. He covered everything from local news to sports and entertainment before settling on technology in the mid-2000s. Prior to joining PCMag, Damon worked at CRN and the Gilroy Dispatch. He has also written for the San Francisco Chronicle and Japan Times, among other newspapers and periodicals.

Read Damon's full bio

Read the latest from Damon Poeter