The company disclosed today that an attack on one of its servers had resulted in the theft of encrypted account data for 2.9 million users, as well as the source code to “a number of Adobe products,” including Acrobat, ColdFusion and ColdFusion Builder.
The unknown attacker or attackers got their hands on usernames, names associated with those users’ payment methods, encrypted passwords, encrypted credit and debit card numbers and expiration dates. It’s not clear yet how the company encrypted users’ passwords and financial data, and how secure that data is now that it’s in the hands of a third party.
Adobe says it will be contacting those people who were affected by the hack, give them an opportunity to reset the password on their Adobe account and will provide them with information about how to protect whatever financial info may have been taken, if any.
In addition, Adobe said it believes the loss of its source code does not open consumers up to any additional security risk, and at this point does not open users up to any new zero-day exploits.
This is a massive breach for Adobe, which is going to be in the position of storing more and more customer financial data if people continue to migrate over to the company’s subscription-based Creative Cloud service.