Adobe today announced that hackers have managed to obtain information on approximately 2.9 million of its customers that have downloaded its software, including customer IDs, encrypted passwords, customer names, encrypted credit/debit card numbers, expiration dates, and other information on customer orders.

adobe_creative_cloud_feature
Adobe does not believe that the attackers were able to obtain decrypted credit or debit card numbers from its system, and is currently working with external partners and law enforcement to address the issue.

As a precautionary measure, Adobe is contacting users with affected accounts, initiating password resets. The company is also offering customers that had their credit or debit card information accessed the option of enrolling in a one-year complimentary credit monitoring service.

As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.

We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.

We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.

We have contacted federal law enforcement and are assisting in their investigation.

In addition to customer accounts, the hackers also accessed the source code of a number of Adobe products, but Adobe says that it is unaware of any increased risk to customers as a result of that particular attack.

Top Rated Comments

nagromme Avatar
154 months ago
Hmmm.... I wonder if there's a business model where we can get paid again and again forever whether we fix bugs or not, and EVEN if our updates are not very useful ones. One where we're under NO pressure to make our software great, because it won't affect our income. One where we can be paid for apps we let stagnate, alongside the ones we still work on. One where our customers' own creative work is held to monthly ransom, ready for us to lock them out at any time. One where we load their machines with layers of buggy crapware and updaters. And one where we keep ALL our users' credit card numbers on file forever!

�� I think I have an idea!
Score: 21 Votes (Like | Disagree)
thejadedmonkey Avatar
154 months ago
Maybe the hackers can release a version of Adobe Acrobat that isn't full of security holes :rolleyes:
Score: 17 Votes (Like | Disagree)
brianbobcat Avatar
154 months ago
Yet another good reason I'm not on the cloud. Adobe: "Hey, hackers may have gotten your credit card, and we're not gonna give you any free months of CC. Keep an eye on your own credit card." Greedy bastards!
Score: 13 Votes (Like | Disagree)
mrxak Avatar
154 months ago
Silly question but. If hackers got Adobe ID's and passwords whats to keep them from changing the password ?
They got encrypted passwords, which are useless without decryption.
Specifically, the passwords are stored in a hash. What happens is you select your password and Adobe takes that password, does some math to it, then stores the resulting hash in their database somewhere, rather than storing your actual password. Then, when you enter your password to log in, it does the same math on it, and compares the result to the hash they have stored in the database. If the two hashes are the same, it knows you entered your password and it lets you in. If somebody gets the hash straight off their database, as would seem to be the case here, that doesn't help an attacker know what password to type in when they want to log in with your account, unless they can reverse engineer the hash algorithm. So, it really depends on what kind of hash algorithm they used for their database, as to how secure your password actually is.

Generally, it's a good idea to have everyone change their password anyway, just in case the algorithm eventually proves to be vulnerable to attack, or an attacker is properly motivated and willing to spend enough time to crack your password. Some hashes still in use today are considered vulnerable, though, so attackers may very well already be crunching through the hashes and getting plaintext passwords. One can hope Adobe is using a more secure hash, but plenty of big companies have used insecure algorithms in the past.

Hashes are designed not to be reversible, unlike regular encryption designed for actual decrypting at some point, but if the algorithm is known it's possible to simply use it to hash a bunch of password guesses, and then compare those guesses to the hashed passwords. Just search through the database for hashes you've made yourself, and you know the password for each of the accounts with the same password hash. It's essentially a dictionary attack, but it bypasses whatever system Adobe uses to prevent unlimited repeated invalid password entries (like locking your account after a certain number of attempts, or adding delays to the algorithm/webpage so it would take a prohibitively long time to try every possible password).

One method of preventing lookup table attacks like the above is to add a "salt" to the password before it's hashed so the result in the database isn't something the attacker can generate for a table without knowing the salt. Any old salt won't do, though. It needs to be a cryptographically-secure pseudo-random number, unique to each account, never reused when a user changes their password, and long enough that an attacker can't simply make as many tables as there are possible salts. Bear in the mind, the salt still has to be stored alongside the hash in order to authenticate a user, so an attacker knows the salt to use. But, by using a nice long pseudorandom salt for every individual password, each individual password needs a separate lookup table to brute force. Dictionary attacks are still possible if the hash algorithm and salt method is known, but take incredibly long amounts of time to crack the whole database and incredibly large amounts of storage. Against a single specific user, their password may be discovered, but only that one user, and only if they used a guessable password, and each single specific user will require a separate attack. In other words, they're still doing an ordinary dictionary attack, and the usual rules about making your passwords resistant to dictionary attacks apply. Properly salted passwords hashed with a modern secure algorithm are simply not feasible to extract from a database like this, en masse, but it's still a good idea for everyone to change their passwords. It's also a good idea to change any other passwords you have if you've made the common error of reusing passwords on multiple sites.
Score: 12 Votes (Like | Disagree)
dumastudetto Avatar
154 months ago
Maybe the hackers can release a version of Adobe Acrobat that isn't full of security holes :rolleyes:

Hackers are good but they aren't miracle workers.
Score: 8 Votes (Like | Disagree)
kylepro88 Avatar
154 months ago
Here come the "This is why subscription service sucks" posts...

Either way, bummer. :/
Score: 8 Votes (Like | Disagree)

Popular Stories

iphone 16 pro ghost hand

5 Reasons to Skip This Year's iPhone 17 Pro

Thursday July 10, 2025 4:54 am PDT by
Apple will launch its new iPhone 17 series in two months, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming...
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 8 U.S. States

Tuesday July 8, 2025 11:26 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Unfortunately, this feature continues to roll out very slowly since it was announced in 2021, with only nine U.S. states, Puerto Rico,...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
iPhone 17 Pro in Hand Feature Lowgo

Leaker Reveals Amount of RAM in iPhone 17 Through iPhone 17 Pro Max

Wednesday July 9, 2025 8:08 am PDT by
Three out of four iPhone 17 models will feature more RAM than the equivalent iPhone 16 models, according to a new leak that aligns with previous rumors. The all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max will each be equipped with 12GB of RAM, according to Fixed Focus Digital, an account with more than two million followers on Chinese social media platform Weibo. The...
apple account card feature

Apple Account Card Expanding to More Countries

Tuesday July 8, 2025 7:34 pm PDT by
Apple is expanding the ability to add an Apple Account Card to the Wallet app to more countries, according to backend Apple Pay changes. With iOS 15.5, Apple updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID. If you receive an Apple gift card, for example, it is added to an Apple Account that is also...
macbook pro blue green

M5 MacBook Pro No Longer Coming in 2025

Thursday July 10, 2025 12:38 pm PDT by
Apple does not plan to refresh any Macs with updated M5 chips in 2025, according to Bloomberg's Mark Gurman. Updated MacBook Air and MacBook Pro models are now planned for the first half of 2026. Gurman previously said that Apple would debut the M5 MacBook Pro models in late 2025, but his newest report suggests that Apple is "considering" pushing them back to 2026. Apple is now said to be...
iOS 26 Feature

Everything New in iOS 26 Beta 3

Monday July 7, 2025 1:20 pm PDT by
Apple is continuing to refine and update iOS 26, and beta three features smaller changes than we saw in beta 2, plus further tweaks to the Liquid Glass design. Apple is gearing up for the next phase of beta testing, and the company has promised that a public beta is set to come out in July. Transparency In some apps like Apple Music, Podcasts, and the App Store, Apple has toned down the...
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive These Five Perks

Wednesday July 9, 2025 9:20 am PDT by
If you pay for iCloud storage on your iPhone, did you know that Apple offers you five perks beyond the extra storage space, at no additional cost? Here are the perks included with all iCloud+ plans:Private Relay keeps your Safari browsing history entirely private from network providers, websites, and even Apple. Hide My Email generates unique, random email addresses whenever needed. Hom...
Foldable iPhone 2023 Feature 1

Foldable iPhone Display Production Begins Ahead of Launch Next Year

Wednesday July 9, 2025 10:59 pm PDT by
Production of foldable OLED displays for Apple's first foldable iPhone have begun ahead of its expected launch next year, Korea's ETNews reports. The first foldable iPhone's displays are being produced by Samsung Display, who are establishing a production line dedicated to the upcoming Apple device its A3 factory in Asan, Chungcheongnam-do. The production line will make displays exclusively...