Adobe cyberattack ten times worse than originally thought
The loss of encrypted data included user names, passwords and credit card information
Adobe has revealed that a cyberattack it suffered earlier this month affected ten times more users than initially estimated.
The initial attack took place on 3 October, with Adobe chief security officer Brad Arkin announcing that “attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
This number has since been revised to 38 million active accounts, with Adobe also revealing that the source code for Photoshop, Adobe Acrobat, Reader and its ColdFusion web platform were also stolen.
Cyber security specialist Brian Krebs broke the news on his blog after examining a 3.8GB file posted to a hacking forum that contained “more than 150 million username and hashed password pairs taken from Adobe”.
Adobe has since explained that this figure refers to “inactive, invalid and test accounts”, but that 38 million “active” user accounts have been affected.
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” said Adobe spokesperson Heather Edell.
“We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
“We are still in the process of investigating the number of inactive, invalid and test accounts involved in the incident,” said Edell in an email. “Our notification to inactive users is ongoing.”
Although the stolen information was encrypted it is still possible that determined hackers will be able to decode the login details. This could lead to attacks on individuals’ Adobe accounts as well as other online identities, as most internet users tend to re-use passwords across multiple sites.
Adobe has so far refused to comment on whether or not the stolen information has been used in attacks against their users, commenting only that “Our investigation is still ongoing”.
Life & Style blogs
Not brushing your teeth can lead to dementia and heart disease
Charlie Charlie Challenge: everyone on the internet thinks it’s a marketing stunt, but it probably isn’t
What do the emojis on Snapchat mean?
Spanish restaurant El Celler de Can Roca reclaims top spot to be named world's best restaurant
Windows 10: apps and features killed off as Microsoft reveals limits of new operating system
Thousands of teenage girls enduring debilitating illnesses after routine school cancer vaccination
Migrants in Kos: Photos show real tragedy after Brits abroad complain of 'awkward' holidays
British tourists complain that impoverished boat migrants are making holidays 'awkward' in Kos
Michael Gove determined to scrap the Human Rights Act – even if Scotland retains it
Threat to scrap Human Rights Act could see UK follow Nazi example, warns UN official
Church of England 'one generation away from extinction' after dramatic loss of followers
- 3 Alton Towers crash: Four seriously injured and 16 guests trapped as Smiler ride carriages collide
- 4 Ann Summers survey reveals the UK's favourite sex position
iJobs Gadgets & Tech
£20000 - £23000 per annum: Recruitment Genius: This Managed IT Services Provid...
£20000 - £28000 per annum: Recruitment Genius: This specialist high tech compa...
£12000 - £16000 per annum: Recruitment Genius: New Full-time, Part-time and Fr...
£30000 - £35000 per annum: Recruitment Genius: An experienced creative web and...