Adobe has confirmed that customer information for 2.9 million users, including passwords and credit card details, and source code for some of its products have been stolen from its network. If you've ever purchased a product from Adobe online, it's time to change your password.
According to Adobe's online FAQ, the attackers gained access to account details for 2.9 million customers. The data was in encrypted form, and Adobe suggests it hasn't been decrypted yet, but advises customers to reset their passwords as a precaution.
Customers who were in the affected list or who have credit card details registered with Adobe will be sent an email advising them to change their password. We'd advise starting the process yourself from the Adobe web site, since it's almost inevitable scammers will send copycat phishing emails in the near future.
The attackers gained access to source code for Adobe's Acrobat Reader PDF software and ColdFusion web development platform, though we don't know which version and there has been no evidence of attacks using the knowledge gained from that code so far. It's not yet clear whether source code for other products was accessed; Adobe's statement suggests there is a "possibility" this happened.
The attacks were first revealed by Brian Krebs. It's an unwelcome development for Adobe, given that it has heavily promoted its subscription-based Creative Cloud services as a future direction for the company.
In Australia, the company has also come under heavy fire for its high prices relative to the US. Its reaction to the latest attack rather underscores its America-centric approach; US customers affected by the hack are being offered free membership in a credit monitoring service, but no similar arrangements have been made for other customers.