The Washington Post

Adobe confirms security breach, says credit card data may have been accessed

This photo illustration shows hands typing on a computer keyboard on Wednesday Feb. 27,2013. Security threats aren't new and have long been part of online life. But the increased attention on them offers a good time to review ways you can protect yourself. (Damian Dovarganes/AP)

Adobe has confirmed that 2.9 million of its customers may have been affected by a data breach and that the attackers may have had access to its users’ financial information.

The firm said Thursday that it discovered “sophisticated attacks” on its network that accessed customer information, as well as source code for some of its products.

Earlier this week, Adobe said that its source code had been accessed, crediting work from journalist Brian Krebs and researcher Alex Holden of Hold Security for helping it respond to the incident. At that time, Adobe said that it was not aware of any exploits being used to target Adobe products as a result of that attack.

On Thursday, the firm said that customer information such as names, encrypted credit or debit card numbers, expiration dates and “other information relating to customer orders” may have been accessed, although it has no evidence that any credit card numbers left its systems.

According to Krebs, the firm first became aware of the breach last week, when he and Holden discovered a large file containing source code on the server of cybercriminals believed to have hacked into the databases of data aggregators including LexisNexis.

After notifying Adobe of the breach, the company told Krebs that it believes its systems were accessed in mid-August and that it has been investigating a possible breach since Sept. 17.

The company has reset the passwords of all customers it believes were affected by the breach, has notified banks that process customer payments for Adobe about the problem, and is alerting customers about that their account may have been accessed. Adobe also said that it is working with federal law enforcement and assisting with an investigation into the breach.

Hayley Tsukayama covers consumer technology for The Washington Post.
Show Comments

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.