Adobe today announced that hackers have managed to obtain information on approximately 2.9 million of its customers that have downloaded its software, including customer IDs, encrypted passwords, customer names, encrypted credit/debit card numbers, expiration dates, and other information on customer orders.
Adobe does not believe that the attackers were able to obtain decrypted credit or debit card numbers from its system, and is currently working with external partners and law enforcement to address the issue.
As a precautionary measure, Adobe is contacting users with affected accounts, initiating password resets. The company is also offering customers that had their credit or debit card information accessed the option of enrolling in a one-year complimentary credit monitoring service.
As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
We have contacted federal law enforcement and are assisting in their investigation.
In addition to customer accounts, the hackers also accessed the source code of a number of Adobe products, but Adobe says that it is unaware of any increased risk to customers as a result of that particular attack.