Adobe confirms security breach, says credit card data may have been accessed

Damian Dovarganes/AP - This photo illustration shows hands typing on a computer keyboard on Wednesday Feb. 27,2013. Security threats aren't new and have long been part of online life. But the increased attention on them offers a good time to review ways you can protect yourself.

Adobe has confirmed that 2.9 million of its customers may have been affected by a data breach and that the attackers may have had access to its users’ financial information.

The firm said Thursday that it discovered “sophisticated attacks” on its network that accessed customer information, as well as source code for some of its products.

More tech stories

China aims to purge Internet of porn, rumors

China aims to purge Internet of porn, rumors

Critics say the Communist Party’s “clean sky” campaign aims to silence grass-roots voices online and dissent.

The boss who’d put a tiki lounge by your desk

The boss who’d put a tiki lounge by your desk

A chief executive points to research showing that workers who have more fun are most productive.

The role of your gut in allergies

The role of your gut in allergies

Scientists are investigating how common bacteria in our bodies can contribute to allergies.

Earlier this week, Adobe said that its source code had been accessed, crediting work from journalist Brian Krebs and researcher Alex Holden of Hold Security for helping it respond to the incident. At that time, Adobe said that it was not aware of any exploits being used to target Adobe products as a result of that attack.

On Thursday, the firm said that customer information such as names, encrypted credit or debit card numbers, expiration dates and “other information relating to customer orders” may have been accessed, although it has no evidence that any credit card numbers left its systems.

According to Krebs, the firm first became aware of the breach last week, when he and Holden discovered a large file containing source code on the server of cybercriminals believed to have hacked into the databases of data aggregators including LexisNexis.

After notifying Adobe of the breach, the company told Krebs that it believes its systems were accessed in mid-August and that it has been investigating a possible breach since Sept. 17.

The company has reset the passwords of all customers it believes were affected by the breach, has notified banks that process customer payments for Adobe about the problem, and is alerting customers about that their account may have been accessed. Adobe also said that it is working with federal law enforcement and assisting with an investigation into the breach.

Read what others are saying