Acrobat Attack: Adobe Hacked & Ransacked, 2.9M Users Affected

Alicé Leuchte | October 4, 2013

Adobe Systems (the makers of Acrobat and Photoshop), sent out an email overnight instructing customers to change their passwords and monitor their accounts for suspicious activity.  Their email said, in part:

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

Apparently, Adobe has been hacked.  Adobe Chief Security Officer Brad Arkin said that the company didn’t know the specific risk to customers, but that:

The company… was resetting passwords for affected customers worldwide and warning people to change any passwords reused at other sites. The US Department of Homeland Security’s computer incident response team on Thursday warned that Adobe customers should be on the alert for fraud.

The Business Today article breaks down the context of the situation explaining that not only has 2.9 million customers’ sensitive information been compromised, but the ‘attackers’ also made off with source code to one of their most proprietary products: Adobe Acrobat.

While Adobe isn’t sure about the specific consequences to this attack, they do think there is a possibility this incident could prove adverse for customers whose information had been stolen – including names, encrypted credit/debit card numbers, expiration dates and other data.

The Wall Street Journal clarified that Adobe doesn’t believe decrypted credit/debit card information has been accessed, and that this email was sent out to the affected customers.  It probably isn’t a good thing that I am writing this article, as I first found out about the ‘Acrobat attack’ by checking my inbox.