Adobe Discloses Security Breach Affecting Nearly Three Million Customers

Software company Adobe just disclosed a significant security breach of its systems in which it said customer user names, passwords and credit card numbers may be affected.

“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” Adobe chief security officer Brad Arkin said in a corporate blog post. He wrote that the company doesn’t believe that the attackers were able to obtain decrypted passwords or credit card information. Affected customers are being notified, the company said. And customer passwords are being reset as a precaution.

The attackers apparently made off with source code for several Adobe products, Arkin wrote. In a separate post on that incident, the company said it is not yet aware of any “specific increased risk to customers.”

The breach came to light and was first reported by Brian Krebs, a security blogger and a former reporter for the Washington Post.

Krebs and security researcher Alex Holden discovered the trove of source code stashed on a server believed to have been used by the same attackers who breached the systems of LexisNexis and Dun and Bradstreet among other companies earlier this year.

Shown screen shots of the code, Adobe admitted to Krebs that it had been investigating the matter since Sept. 17.