Adobe Systems (NASDAQ:ADBE) has a security mess on its hands following a cyber break-in that the company admitted to earlier this month — unlike 1995 film Hackers, though, this hack was anything but righteous. Previous reports of the attack on company data seem to have downplayed the damage, now estimated to have penetrated more than 38 million customer accounts, according to Reuters.
When the breach was publicized on October 3, Adobe said that data like credit card info were taken from only around 3 million customer accounts. The company added that Adobe IDs and encrypted passwords stored on a different database had also been accessed, but did not give numbers or estimated damages on that information.
According to Heather Edell, a spokeswoman for Adobe who spoke to Reuters, the perpetrators found “many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords and test account data.” Source code was also stolen, notably from Photoshop software, Acrobat, ColdFusion, and ColdFusion Builder.
Edell noted that Adobe is currently still contacting the users who will be affected and looking into all system breaches in more detail. “Our investigation is still ongoing. We anticipate the full investigation will take some time to complete,” she said to Reuters, allowing that while Adobe is not aware of any unusual or suspicious activity on accounts following the break-in, that doesn’t mean credit card information and passwords are not being used in follow-up attacks.
According to Ars Technica, the publicity service PR Newswire may have been the victim of the same individuals behind the Adobe hack in a data invasion in March. PR Newswire reported that it would begin efforts to contact customers earlier this month, with recommendations on who should change their passwords.
While PR Newswire also says its investigations are not complete, the company did note that the biggest customer groups affected were in regions of Europe, the Middle East, Africa, and India. Chief Information Security Officer Alex Holden from Hold Security LLC said to Reuters that users of PR Newswire would make fiscally tempting targets for hackers wanting to mess with financial markets.