Do you use an Adobe product? Photoshop? Premiere? Illustrator? Have you ever registered online or purchased cloud-based services from Adobe? If so, the Adobe theft could affect you. Yes, you could be one of the up to 38 million users who are affected by the theft of private information from Adobe this past October. The security breach at Adobe is turning out to be much more widespread than the company first let on.
When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for up to three million customers. Krebs on Security now reports on the full extent of the attack, confirming the 38 million figure now admitted to by Adobe. And, we may not have seen the end of this – the total number of people may be far beyond the 38 million we know about.
According to Krebs on Security, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.Adobe admits that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk.
Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.To make matters worse, Krebs on Security and Hold Security both report that hackers captured source code for Adobe products including Photoshop, Acrobat, and Reader.Hold Security noted that the source code theft could have far-reaching security implications.This includes possible new viruses, malware, and security breaches of personal information.Active Adobe users affected by the breach should have received a notification from the company by now, prompting them to change passwords. We suggest you consider making changes to how you manage your personal security.
Adobe notes that users can employ several strategies to keep their data safe, such as setting different passwords on each site or setting up a password manager. The key is to not let your current settings remain in effect. If you’ve been using a password related to any Adobe product, or if you paid Adobe money via a credit card, change your passwords (for every account on every website) today.