Skip to main content

Huge Adobe Data Breach Gets Even Worse

Information-security blogger Brian Krebs, who broke the news earlier this month that Adobe had suffered a massive data breach, now says the situation is much worse than it initially appeared.

Krebs discovered, and an Adobe spokeswoman confirmed, that the breach affected at least 38 million, and possibly as many as 150 million, Adobe user accounts.

The hackers who accessed Adobe's servers made off with at least part of the source code for Photoshop, Adobe's flagship software product.

MORE: 7 Ways to Lock Down Your Online Privacy

Previously, Adobe had said 2.9 million user accounts, including names and encrypted credit-card numbers, had been exposed, and that source code for Acrobat (used to create PDFs) and ColdFusion and ColdFusion Builder (used to build database-driven websites) had been stolen.

It's hard to tell what, exactly, was stolen from Adobe because the huge data set — 40 gigabytes even after compression — that Krebs and fellow researcher Alex Holden of Hold Security examined was partly encrypted by the thieves.

But since Krebs' initial disclosure of the breach, decrypted versions of some of the data have appeared on hacker websites and forums.

One decrypted file is a 3.8-gigabyte list of more than 150 million usernames and encrypted passwords for Adobe user accounts.

Adobe spokeswoman Heather Edell told Krebs that because many of those accounts were inactive, invalid, duplicated or test accounts, the number of active users affected by the release of that file was closer to 38 million.

Another file that Krebs and Holden weren't able to get into was titled "ph1.tar.gz." This past weekend, Krebs says, that same file, in an unencrypted form, was posted on a website affiliated with the hacktivist movement Anonymous. The file appears to be the source code for Adobe Photoshop.

"A portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3," Edell told Krebs.

The Adobe data was stolen in August by a group of professional information thieves who had previously broken into servers containing data belonging to the commercial data brokers LexisNexis, Dun & Bradstreet and Kroll Background America.

The thieves had already set up their own data brokerage, called SSNDOB, selling Social Security numbers and dates of birth of U.S. residents to online criminals.

Most of SSNDOB's clients kept quiet, but teenage pranksters belonging to the UGNazi hacktivist group used the service's stolen personal data to fraudulently buy credit reports on several dozen celebrities and politicians, including Michelle Obama, Donald Trump and Kim Kardashian. UGNazi then posted the credit reports online in March and April of this year.

This past summer, rival hackers broke into SSNDOB's servers, stole much of the criminal enterprise's files and posted them online. Clues in those files led Krebs and Holden to the cache of stolen Adobe data.

Adobe had previously said it was resetting the passwords for the initial 2.9 million user accounts thought to have been exposed and offering a year of free credit monitoring for those affected customers.

Ironically, as Krebs pointed out, that free credit monitoring is being provided by Experian, which also sold the credit reports of politicians and celebrities to the UGNazi pranksters.

If you believe your information might be at risk due to the Adobe breach, change your Adobe account password right away, whether or not Adobe contacts you. It's likely that more revelations will come as more of the Adobe files are decrypted.

If you used the Adobe password for other accounts, change those passwords as well, preferably to something you don't use anywhere else.

You may also want to ask the Big Three credit bureaus — Equifax, Experian and TransUnion — to place a fraud alert on your files, so that no one else will be able to open an account in your name for three months.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.