Adobe has notified users through a post on its company blog that has been hacked, detecting a number of "sophisticated attacks" on its network that accessed Adobe products' source code as well as some user account information for roughly three million users. The company says that credit and debit card numbers stolen in the attack were encrypted, and that it believes any decrypted payment information was not copied or removed.
Customer names, expiration dates and order information were obtained by the attackers, and Adobe said they will be "resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts." If a given user's ID and password were involved, the company said it will send an email with information on how to change the password. "We also recommend that you change your passwords on any website where you may have used the same user ID and password," Adobe Chief Security Officer Brad Arkin wrote.
"We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident," Arkin said. "If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available."
The company is also notifying all banks that process customer payments for Adobe of the breach to help protect customer accounts. Federal law enforcement agencies have also been contacted, and Adobe says it is assisting in their investigations. While saying that "cyber attacks are one of the unfortunate realities of doing business today," Arkin said the company "deeply regrets" that the incident occurred, and that "we will work aggressively to prevent these types of events from occurring in the future."