We reported on Adobe's announced hack earlier today, where it was thought likely that nothing too serious had been done, but a few encrypted passwords might have been taken. Now we've had further word from Adobe that it's worse; much worse.
The latest revelation, is that over 2.9 million customer details were accessed, including: names, user names, passwords, encrypted credit and debit card numbers, expiration dates and “other information relating to our customers.”
On top of this consumer breach, which understandably isn't going to sit well with Adobe customers, it was also announced that several Adobe products might have been affected and their source code leaked. While the software maker has yet to comment further, Brian Krebs from KrebsonSecurity spoke with Adobe's CSO, Brad Arkin, who said that it seemed likely Adobe Acrobat was one of the affected programs.
Probably best not to use this for a few days
The problem with a source code leak, is that it gives hackers ample opportunity to comb through it to find bugs in the software, which would then be exploited in rapid succession, making it very difficult for a company like Adobe, or indeed anti-viral firms, to respond.
Adobe plans to release security updates for its software on 8th October, but in the mean time is recommending everyone update their passwords and do so elsewhere if that password was used on other accounts too.
KtiGuru Says: Ironically it's the Photoshop pirates that are feeling smug now whilst the paying customers are in Dutch. Does a company like Adobe really need to store customer data?