A cyberattack recently launched against Adobe impacted more than ten times the number of users initially estimated.
On October 3, Adobe revealed that it had been the victim of an attack that gained access to Adobe customer IDs and encrypted passwords. At the time, the company said that credit card records and login information for around 3 million users had been stolen. But the number of affected accounts has turned out to be much higher.
The attack actually compromised 38 million active accounts, according to security blog Krebs on Security. Adobe confirmed that number in an e-mail to Krebs.
"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users," Adobe spokeswoman Heather Edell said. "We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident -- regardless of whether those users are active or not."
The attack also gained access to many invalid or inactive Adobe accounts, those with invalid encrypted passwords, and those used as test accounts.
"We are still in the process of investigating the number of inactive, invalid, and test accounts involved in the incident," Edell added. "Our notification to inactive users is ongoing."
CNET contacted Adobe for comment and will update the story with any further details.
Following the initial report of the attack, Adobe reset the passwords on compromised customer accounts and e-mailed those whose accounts were breached and whose credit or debit card information was exposed.
Adobe provides a Customer security alert page with more information on the breach and an option whereby users can change their password.
No comments:
Post a Comment