Adobe confirms security breach, says credit card data may have been accessed

Damian Dovarganes/AP - This photo illustration shows hands typing on a computer keyboard on Wednesday Feb. 27,2013. Security threats aren't new and have long been part of online life. But the increased attention on them offers a good time to review ways you can protect yourself.

Adobe has confirmed that 2.9 million of its customers may have been affected by a data breach and that the attackers may have had access to its users’ financial information.

The firm said Thursday that it discovered “sophisticated attacks” on its network that accessed customer information, as well as source code for some of its products.

More tech stories

Parking doesn’t have to be a hassle

Parking doesn’t have to be a hassle

Meet the man who wants to make parking in a garage as fun as riding in an Uber.

Big data: A double-edged sword

Big data: A double-edged sword

New information will improve our health and prevent crimes, but uncover skeletons and hurt privacy.

White House updating online privacy policy

White House updating online privacy policy

A new Obama administration privacy policy explains how the government will gather the user data of online visitors to, mobile apps and social media sites, and it clarifies that online comments, whether tirades or tributes, are in the open domain.

Earlier this week, Adobe said that its source code had been accessed, crediting work from journalist Brian Krebs and researcher Alex Holden of Hold Security for helping it respond to the incident. At that time, Adobe said that it was not aware of any exploits being used to target Adobe products as a result of that attack.

On Thursday, the firm said that customer information such as names, encrypted credit or debit card numbers, expiration dates and “other information relating to customer orders” may have been accessed, although it has no evidence that any credit card numbers left its systems.

According to Krebs, the firm first became aware of the breach last week, when he and Holden discovered a large file containing source code on the server of cybercriminals believed to have hacked into the databases of data aggregators including LexisNexis.

After notifying Adobe of the breach, the company told Krebs that it believes its systems were accessed in mid-August and that it has been investigating a possible breach since Sept. 17.

The company has reset the passwords of all customers it believes were affected by the breach, has notified banks that process customer payments for Adobe about the problem, and is alerting customers about that their account may have been accessed. Adobe also said that it is working with federal law enforcement and assisting with an investigation into the breach.

Read what others are saying