Adobe data breach more extensive than previously disclosed

BOSTON Tue Oct 29, 2013 6:32pm EDT

Adobe company logos are seen in this picture illustration taken in Vienna July 9, 2013. Picture taken July 9, 2013. REUTERS/Leonhard Foeger

BOSTON (Reuters) - Adobe Systems Inc said on Tuesday that the scope of a cyber-security breach disclosed nearly a month ago was far bigger than initially reported, with attackers obtaining data on more than 38 million customer accounts.

The software maker also said that hackers had stolen part of the source code to Photoshop editing software that is widely used by professional photographers.

The company disclosed the breach on October 3, saying attackers took credit card information and other data from nearly 3 million customers' accounts.

Adobe also said that the hackers accessed an undisclosed number of Adobe IDs and encrypted passwords that were stored in a separate database. On Tuesday, it revealed that about 38 million records from that database were stolen.

On October 3, the company also reported that the attackers stole source code to three other products: Acrobat, ColdFusion and ColdFusion Builder.

Adobe spokeswoman Heather Edell said the software maker believes the attackers also obtained access to "many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords and test account data."

She said the company is still investigating to determine how much invalid account information was breached and is in the process of notifying affected users.

Even though the company believes the stolen passwords were encrypted, the attackers may have been able to access them in plain text by one of several methods, including breaking the algorithm that Adobe used to scramble them, said Marcus Carey, a security researcher and expert on cyber attacks, who formerly worked as an investigator with the National Security Agency.

They could likely use those passwords to break into other accounts because many people use the same passwords for multiple accounts, he said.

"This is a treasure trove for future attacks," Carey said.

Adobe spokeswoman Heather Edell said that the company was not aware of any unauthorized activity on Adobe accounts as a result of the attack.

Yet Edell said she could not say whether stolen credit cards or passwords had been used to launch follow-on attacks against Adobe customers or conduct other types of cyber crimes.

"Our investigation is still ongoing," she said. "We anticipate the full investigation will take some time to complete."

(Reporting by Jim Finkle; Editing by Jan Paschal)

Comments (5)
Loucleve2 wrote:
why anyone would wanna use the cloud is beyond me.

unless they want their stuff stolen.

Oct 29, 2013 7:16pm EDT
LEEDAP wrote:
Hi @Loucleve2, nobody said the data was in the cloud. But I know what you mean. Adobe also has the EchoSign product, which is a cloud-based method of electronically signing documents. Breaching that could lead to a lot of insight into physical and intellectual property and other deals, too. This is very frightening stuff. The cloud is making so many things easier and the Internet is lowering transaction costs. Going back to the old way of doing things would be like taking a horse to work. That’s one kind of pollution you can’t ignore!

Oct 30, 2013 1:28am EDT
MyCoalescence wrote:
I disagree. I take a bicycle to school and work every day. In the past I've gone as far as 5 miles each way. The funny thing is, for in town a bike is nearly as fast as a car and at times faster, because you can cut through places a car can't, like a park or sidewalks.

Back to reality. This is just one more reason to not join CC crazy containment. It makes you go crazy and proliferate itself like a virus and believe you can only be creative or professional with Adobe and a Mac. Marketing lies. I would not touch CC with a 10-foot pole and treat it like a plague! I'm a college student in graphic design and don't any any software like Adobe. I'm even wary of getting the student edition of CS 6. Who knows what else Adobe is not telling us. It's sad when we have to start thinking of a business like a dirty, underhanded group of politicians who just want you to keep the money coming in.

Oct 30, 2013 10:53am EDT