Adobe has admitted that 2.9 million customers have had their personal data – including encrypted passwords and payment card numbers – stolen during a hack attack on its website.
Although decrypted debit and credit card data was not removed, Adobe is investigating the illegal access of source code for a raft of its products, including Adobe Acrobat and ColdFusion, which could allow hackers to embed malicious code into billions of computers around the world.
Adobe chief security officer Brad Arkin said: “We deeply regret that this incident occurred. To date, we are not aware of any specific increased risk to customers as a result of this incident.”
However one senior advisor at online security company Sophos told the BBC the attack could be “very serious”. He added: “Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines. This is on the same level as a Microsoft security breach.”
The attack has only just come to light but is part of an investigation led by Internet security specialist Brian Krebs, who discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis.
The same investigation claimed that the personal details of top US personalities – including Jay-Z, Beyonce, Kanye West and Michelle Obama – had been offered for sale on the Internet for as little as $2.50 a record.
Top US stars hit by D&B breach
Foxtons hit by online hack attack
Hacking staff could wind up firm
58m rocked by Ubisoft hack attack
50m hit by LivingSocial hack attack
ICO defends ‘paltry’ £250k Sony fine
EU chief sticks the boot into Sony