Software company Adobe has warned over two million customers that their data may have been accessed by hackers.
The company said yesterday that it believes that hackers accessed customer data stored in its systems, as well as the source code to various Adobe products.
It believes that the attackers stole customer account information including login IDs, encrypted passwords, names, encrypted debit and credit card numbers and expiration dates. Adobe does not think they stole any unencrypted credit or debit card numbers.
Brad Arkin, chief security officer at Adobe, said that cyber attacks are “one of the unfortunately realities of doing business today” given the profile and widespread nature of the company’s products, but that his team would “work aggressively to prevent these types of events from occurring in the future.”
Cyber security news site KrebsOnSecurity reported yesterday that it became aware of the leak a week ago when it was alerted to “huge repositories” of source code for many of Adobe’s products, including ColdFusion and Adobe Acrobat.
Over 40GB-worth of the code was found stashed on a server believed to belong to the same cyber criminals that undertook attacks on LexisNexis and other companies earlier this year.
“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” said Arkin in a separate statement on Adobe’s secure software engineering team blog.
He went on to thank journalist Brian Krebs of KrebsOnSecurity and Hold Security, the company that alerted the publication to the source code stash, for their help in responding to the incident.
Hold Security warned that the breach “poses a serious concern to countless businesses and individuals.”
“While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits,” it said.