Adobe Hack: At Least 39 Million Users Affected, Photoshop Source Code Stolen

More details have come to light regarding the recent Adobe hack. Initially, the company said the details of only 2.9 million customers were stolen. However, it appears the actual number is much bigger.

When Brian Krebs and Alex Holden came across the details of Adobe customers and the source code for several of the company’s products, they found a 2.5 Gb password-protected file. At the time, they couldn’t crack the password so its content remained a mystery.
However, this past weekend, a version of the file that wasn’t protected by a password was posted on AnonNews.org, an uncensored news platform operated by the members of the Anonymous movement. The file, users.tar.gz, contains what appear to be the usernames and hashed passwords of over 150 million users.

According to Adobe representatives, many of the IDs obtained by the attackers are inactive, invalid, and test accounts. The company is currently in the process of determining their exact number.

“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Adobe spokesperson Heather Edell told Krebs.

“We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”

In addition, it appears the cybercriminals have also managed to steal source code for Adobe Photoshop. Initially, it was believed that only Acrobat, Reader and ColdFusion source code was compromised. Adobe has confirmed that at least some of the Photoshop source code has been stolen.

The company has contacted AnonNews.org to have the files removed from the website.