Adobe said on Thursday that an attacker accessed Adobe customer IDs and passwords on its systems and exposed credit-card information of 2.9 million customers.
Adobe is the maker of Photoshop, Acrobat and other software .
The attackers were able to remove customer names, encrypted credit and debit card numbers, expiration dates and other information related to orders from customers worldwide. The company says it does not believe attackers removed credit and debit card numbers that weren’t encrypted.
As a counter measure, Adobe is resetting passwords of its customers and notifying banks processing adobe customers payments.
The company also says it has also discovered illegal access to the source code of numerous Adobe products and is investigating the issue.
The company says it believes the attacks are related.
Experts say the breach could be a very dangerous phenomenon because malicious code could be inserted into product source code and then distributed to customers in a compiled form.
Also, having access to product source code can allow attackers to identify software vulnerabilities that have been undiscovered to-date, giving them a treasure trove of zero-day exploits against Adobe software.
The company also recommended that any affected customers who use the same password for other sites as they do for Adobe change their login details for those other sites as well to avoid the attackers compromising such accounts too. It said customers whose credit or debit card information was compromised would be offered a year’s membership in a credit monitoring service courtesy of Adobe.
We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you,” Said Brad Arkin, Adobe’s chief security officer.