Adobe hack hits 2.9m users as source code is stolen
Adobe will reset user passwords after researchers uncover a "sophisticated" attack against its networks
Adobe has revealed that hackers have accessed its networks, stealing data on 2.9 million of its users and source code for software.
Adobe uncovered the "sophisticated" attack "very recently", saying it believed the theft of user data and source code were related.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," Brad Arkin, Adobe's chief security officer, said.
Adobe said the data accessed includes customer names as well as encrypted debit and credit card numbers. "At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems," Arkin added.
The attack also appears to have targeted the source code of several Adobe products. "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorised third party," it said. "Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident."
In response, Adobe has notified affected users and reset their passwords, and also warned banks about the stolen card data. The company has already contacted police.
The attacks were uncovered by independent security researchers, including Brian Krebs and Alex Holden. The former noted on his blog that they found a "40GB source code trove stashed on a server used by the same cybercriminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll".
The attack against Adobe was uncovered on 17 September, and the company told Krebs that the hackers appeared to have had access to the network as far back as mid-August.
Adobe expressed its "regret" for the attack, and added: "cyber-attacks are one of the unfortunate realities of doing business today."