AnonNews.org this weekend posted a 3.8 GB file listing over 150 million Adobe account usernames and hashed passwords stolen in the late September breach that came to light Oct. 3, reports Krebs Online Security. 38 million users were directly affected and have already been contacted by Adobe to change their passwords. That figure is above and beyond the 2.9 million accounts whose encrypted credit card information was stolen. The breach, it is now known, also included stolen source code for more of Adobe's programs than previously believed.
Adobe is still advising Adobe account users to change their passwords for all of their products. If you use the same password for non-Adobe products, change those as well. As we reported when the breach first occurred, you can also take advantage of Adobe's offer to enroll for a free year of credit reporting through Experian if your credit card information was affected. Adobe should have already contacted you if that is the case.
The breach also included source data for the Photoshop line of products. This is in addition to Adobe Acrobat and Reader and the ColdFusion Web application platform, which were already known to have been compromised. Source code for Photoshop was also posted to AnonNews.org. Adobe has already contacted the sites linked to from that site and had the files removed.
Adobe has been very forthcoming about the debacle. "So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users," Adobe spokesperson Heather Edell stated. "We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not." She also confirmed the Photoshop source code breach.
SOURCE: Krebs Online Security