Adobe loses 2.9m customer IDs and passwords in major attack on website

By Press Association, 4 October 2013 3.52pm.

Adobe has confirmed that private information relating to 2.9 million customers has been stolen in a "sophisticated" attack on its website.

The attackers of Adobe, the maker of Photoshop, accessed customer IDs and encrypted passwords, the company said in a statement on its website.

It added: "We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems."

Brad Arkin, chief security officer at Adobe, said the company "deeply regret" the incident.

The statement also said: "We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident."

The company said it is resetting relevant customer passwords to help prevent unauthorised access to Adobe ID accounts.

Customers whose user ID and password were involved will receive an email notification with information on how to change their password.

The company also recommend that people change their passwords on any website where they may have used the same user ID and password.

Chris Petersen, chief technology officer and co-founder of security specialist LogRhythm, said the incident was a "chilling reminder" to all software companies.