Adobe cyberattack ten times worse than originally thought
The loss of encrypted data included user names, passwords and credit card information
Adobe has revealed that a cyberattack it suffered earlier this month affected ten times more users than initially estimated.
The initial attack took place on 3 October, with Adobe chief security officer Brad Arkin announcing that “attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
This number has since been revised to 38 million active accounts, with Adobe also revealing that the source code for Photoshop, Adobe Acrobat, Reader and its ColdFusion web platform were also stolen.
Cyber security specialist Brian Krebs broke the news on his blog after examining a 3.8GB file posted to a hacking forum that contained “more than 150 million username and hashed password pairs taken from Adobe”.
Adobe has since explained that this figure refers to “inactive, invalid and test accounts”, but that 38 million “active” user accounts have been affected.
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” said Adobe spokesperson Heather Edell.
“We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
“We are still in the process of investigating the number of inactive, invalid and test accounts involved in the incident,” said Edell in an email. “Our notification to inactive users is ongoing.”
Although the stolen information was encrypted it is still possible that determined hackers will be able to decode the login details. This could lead to attacks on individuals’ Adobe accounts as well as other online identities, as most internet users tend to re-use passwords across multiple sites.
Adobe has so far refused to comment on whether or not the stolen information has been used in attacks against their users, commenting only that “Our investigation is still ongoing”.
Life & Style blogs
Geeks who rocked the world: Documentary looks back at origins of the computer-games industry
Who is Teresa Fidalgo? Debunking the fake ghost story that's got Instagram spooked
Paris Fashion Week: Skirting the issue for the stylish boys' brigade
The enemy within: People who hear voices in their heads are being encouraged to talk back
Miss Universe 2015: A beefeater, a yellow tree and an entire hockey game - the bizarre national costumes
Nigel Farage: NHS might have to be replaced by private health insurance
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
French court convicts three over homophobic tweets, in case hailed as a 'significant victory' by LGBT rights campaigners
British Muslim school children suffering a backlash of abuse following Paris attacks
George Galloway condemns 'racist, Islamophobic, hypocritical rag' Charlie Hebdo at freedom of speech rally
Islamic history is full of free thinkers - but recent attempts to suppress critical thought are verging on the absurd
- 1 Benedict Cumberbatch says Hollywood is better for black British actors: 'I think as far as coloured actors go it gets really difficult in the UK'
- 2 Man who held up 'hire me' sign at Waterloo station returns a year later with 'I'm hiring' sign
- 5 Warriors in ancient Iraq suffered Post-Traumatic Stress Disorder more than 3,000 years ago, say researchers
iJobs Gadgets & Tech
£25000 - £30000 per annum: Ashdown Group: Junior Test Analyst/Systems Administ...
£40000 - £65000 per annum: Recruitment Genius: A Global Real Estate Software P...
Negotiable: Recruitment Genius: This is an exciting opportunity for a talented...
£17000 - £26000 per annum: Recruitment Genius: Due to continuing growth, recru...