The massive breach of Adobe’s security uncovered earlier this month is dramatically worse than originally reported. The initial report that hackers had stolen almost 3 million encrypted customer credit card records and an unknown amount of login data finally has a number attached: 38 million.
(What was reported earlier: Adobe deals with data breach affecting 2.9 million customers)
According to Krebs on Security, Adobe’s investigation into the breach revealed compromised IDs and passwords of approximately 38 million active users, and that many invalid and inactive user IDs, passwords and account data were also compromised.
The initial breach also included the theft of Adobe product source code for Acrobat, Reader and the ColdFusion Web application platform. Now it appears the theft also included one of Adobe’s crown jewels: Photoshop.
Over the weekend, independent news aggregator AnonNews posted an anonymous 3.8GB file titled “users.tar.gz,” which contained not only 150 million Adobe usernames and passwords, but also a 2.56GB file that appeared to be Adobe source code.
Krebs interviewed Adobe spokesperson Heather Edell, who confirmed that 38 million active users were compromised, and that a portion of Photoshop source code was accessed by cybercriminals.
Adobe’s investigation into the full extent of the breach is still ongoing.