The number of breached user details in the recent Adobe attack could have impacted up to 38 million people, equivalent to the population of Poland.
After the company announced it has suffered the attack, when security blogger Brian Krebs discovered 40GB of source code, which appeared to be uncompiled and complied code for ColdFusion and Adobe Acrobat, Adobe confirmed that it had been working on an investigation into a potentially broad-ranging breach into its networks since 17th September.
While it initially said that credit card and other data on approximately 2.9 million customers was taken, as well as an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network, it has now emerged that up to 38 million users could be impacted.
In a fresh post, Krebs said that a file posted by AnonNews.org appeared to include more than 150 million username and hashed password pairs taken from , which the company confirmed were “active” users. Adobe said: “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
Adobe also believe that the attackers also obtained access to many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords, and test account data, which it is in the process of investigating.
