Adobe has today made its customers aware of a serious security breach that has affected as many as 2.9 million accounts in its database. The sustained attack managed to compromise customer names, encrypted credit card numbers, expiration dates and other customer information. In addition to the theft of customer data, the company also had source code for many of its products stolen during the attack.
On the Adobe website, the company's Chieft Security Officer, Brad Arkin,has issued the following information to customers:
As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers' accounts.
We have contacted federal law enforcement and are assisting in their investigation.
We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog post here.
If you're an Adobe customer, keep an eye on your inbox over the next 24 hours to see if your account was one of those affected and, if so, follow the instructions on how to change your information.