A cyberattack launched against Adobe affected more than 10 times the number of users initially estimated.
On October 3, Adobe revealed that it had been the victim of an attack that exposed Adobe customer IDs and encrypted passwords. At the time, the company said that hackers gained access to credit card records and login information for around 3 million users. But the number of affected accounts has turned out to be much higher.
The attack actually involved 38 million active accounts, according to security blog Krebs on Security. Adobe confirmed that number in an e-mail to Krebs.
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Adobe spokeswoman Heather Edell said. “We have completed e-mail notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident — regardless of whether those users are active or not.”
The attack also gained access to many invalid or inactive Adobe accounts — those with invalid encrypted passwords and those used as test accounts.
“We are still in the process of investigating the number of inactive, invalid, and test accounts involved in the incident,” Edell added. “Our notification to inactive users is ongoing.”
CNET contacted Adobe for comment and will update the story with any further details
Following the initial report of the attack, Adobe reset the passwords on compromised customer accounts and sent e-mails to those whose accounts were breached and whose credit card or debit card information was exposed.
Adobe has posted a customer security alert page with more information on the breach and an option whereby users can change their passwords.
Source Article from http://news.cnet.com/8301-1009_3-57609753-83/adobe-hack-attack-affected-38-million-accounts/?part=rss&tag=feed&subj=News-Security&Privacy
Adobe hack attack affected 38 million accounts
CNET News – Security & Privacy