Hackers have broken into the network of software company Adobe and accessed not only source code for Adobe products, but data on 2.9m customers, the company revealed as it investigates the breach.
Brad Arkin, chief security officer, wrote on an Adobe blog that the cyberattacks had been carried out very recently and described them as “sophisticated”.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems,” Arkin said in a statement.
“We also believe the attackers removed from our systems certain information relating to 2.9m Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”
Arkin added that Adobe doesn’t believe the hackers removed decrypted credit or debit card numbers from its systems.
Adobe also said there had been an illegal access of its source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other software. It said it was unaware of any specific increased risk to customers as a result of this breach.
The company is resetting relevant customer passwords to help prevent unauthorised access to Adobe ID accounts. Customers whose ID and password were affected by the breach will receive an email notification from Adobe with information on how to change their password.
Adobe also recommends that customers change their passwords on any website where they may have used the same user ID and password.
The company is also notifying customers whose credit or debit card information it believes to be involved in the breach and is providing them with steps they can take to help protect themselves against the potential misuse of their personal information.
“We deeply regret that this incident occurred,” Arkin said. “We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”