SOFTWARE COMPANY Adobe has admitted falling victim to several "sophisticated attacks" on its computer network, which has reportedly affected 38 million users - not three million as initially reported.
Adobe admitted that the number had climbed in a statement. It said, "So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users.
"We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
Adobe said the attacks occurred "very recently", though it's not sure when, and involved illegal access to customer information as well as the source code for many Adobe software products.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," said Adobe chief security officer, Brad Arkin in a blog post, when the hack was first uncovered earlier this month.
"We also believe the attackers removed from our systems certain information relating to Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."
It's unclear whether the same attackers are to blame for the compromise of customer information and the theft of the source code.
However, without sounding very confident, Arkin claimed that "at this time" he doesn't believe the attackers removed decrypted credit or debit card numbers from the firm's systems. He said Adobe is "working diligently internally, as well as with external partners and law enforcement, to address the incident".
The graphics software firm is resetting customer passwords as a precaution to help prevent further access to Adobe customer accounts.
"We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident," the firm said. "If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you."
Adobe has also notified banks processing customer payments for Adobe, so that they can work with the payment card companies and card issuing banks to help protect customers' accounts. µ