Adobe Hit With Massive Security Breach – Nearly 3 Million Customer Accounts Compromised

Adobe – a company responsible for a huge amount of the innovation enjoyed today by creative professionals and business users across the globe – revealed earlier today that they have suffered a major security breach. According to their statement, the breach could have compromised the security of up to 3 million customer accounts, including user IDs and passwords.

From the Adobe blog:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.  

It’s unclear exactly how much information, and of what sort, might have been compromised – it could include credit card information and other highly sensitive details. In addition to the user account compromises, the company notes that a separate attack recently saw attackers walk away with  source code for a number Adobe products. Adobe believes the two attacks are likely connected.

As a precaution, the company is notifying any customer whose account information may have been compromised, and offering to provide a year of free credit monitoring for those users to enable them to keep an eye on whether their information is potentially being abused by the attackers.

It also goes without saying that, if you have an Adobe account, now would be a pretty excellent time to change your password. If you don’t remember do do this yourself, however, the company is in the process of resetting passwords for all impacted customers.We’ll keep you updated on this as we hear more.

UPDATE (10/4/13): Here’s the full text of the e-mail sent from Adobe to affected customers. Solid advice.

Important Customer Security Alert

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.  

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information. 

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.  

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

Adobe Customer Care

J. Glenn Künzler

Glenn is Managing Editor at MacTrast, and has been using a Mac since he bought his first MacBook Pro in 2006. He lives in a small town in Utah, enjoys bacon more than you can possibly imagine, and is severely addicted to pie.