The Washington Post

Adobe confirms security breach, says credit card data may have been accessed

This photo illustration shows hands typing on a computer keyboard on Wednesday Feb. 27,2013. Security threats aren't new and have long been part of online life. But the increased attention on them offers a good time to review ways you can protect yourself. (Damian Dovarganes/AP)

Adobe has confirmed that 2.9 million of its customers may have been affected by a data breach and that the attackers may have had access to its users’ financial information.

The firm said Thursday that it discovered “sophisticated attacks” on its network that accessed customer information, as well as source code for some of its products.

Earlier this week, Adobe said that its source code had been accessed, crediting work from journalist Brian Krebs and researcher Alex Holden of Hold Security for helping it respond to the incident. At that time, Adobe said that it was not aware of any exploits being used to target Adobe products as a result of that attack.

On Thursday, the firm said that customer information such as names, encrypted credit or debit card numbers, expiration dates and “other information relating to customer orders” may have been accessed, although it has no evidence that any credit card numbers left its systems.

According to Krebs, the firm first became aware of the breach last week, when he and Holden discovered a large file containing source code on the server of cybercriminals believed to have hacked into the databases of data aggregators including LexisNexis.

After notifying Adobe of the breach, the company told Krebs that it believes its systems were accessed in mid-August and that it has been investigating a possible breach since Sept. 17.

The company has reset the passwords of all customers it believes were affected by the breach, has notified banks that process customer payments for Adobe about the problem, and is alerting customers about that their account may have been accessed. Adobe also said that it is working with federal law enforcement and assisting with an investigation into the breach.

Hayley Tsukayama covers consumer technology for The Washington Post.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
What can babies teach students?
Unconventional warfare with a side of ale
A veteran finds healing on a dog sled
Play Videos
A fighter pilot helmet with 360 degrees of sky
Is fencing the answer to brain health?
Scenes from Brazil's Carajás Railway
Play Videos
How a hacker group came to Washington
The woman behind the Nats’ presidents ‘Star Wars’ makeover
How hackers can control your car from miles away
Play Videos
Philadelphia's real signature sandwich
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Europe's migrant crisis, explained

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.