Company says customer banking data was not accessed, but reports that source code for Acrobat, ColdFusion, and ColdFusion Builder was stolen.
Adobe announced today that one of its servers has been hacked, resulting in the personal information of 2.9 million customers being leaked as well as source code theft.
The organization said that hackers were able to access information belonging to 2.9 million customers that include their Adobe IDs, names, encrypted credit or debit card numbers and order information. Adobe has clarified that customers’ decrypted bank data was not accessed, and is offering a year’s worth of free credit monitoring to affected users. Adobe is sending out mails notifying affected users to reset their login credentials. It is also alerting banks and seeking additional assistance from federal law enforcement agencies.
Adobe admitted that hackers were able to obtain the source code for at least three of its services: Acrobat, ColdFusion, and ColdFusion Builder. The incident was brought to light by security researcher Brian Krebs, who in collaboration with another researcher Alex Holden found 40 GB of Adobe source code online on a server that is alleged to belong to the same hackers that were behind the theft of data from legal records agency LexisNexis. It is believed that the hackers accessed the Adobe source code sometime mid-August.
“We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future,” Brad Arkin, Chief Security Officer at Adobe, said in a statement. As for enhancing security measures on Adobe’s services in the future, he said, “We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response.”