Earlier this month, we reported on a security breach that supposedly exposed about 2.9 million Adobe customers’ personal info to hackers. As it turns out, it affected way more customers than that. As of right now, Adobe’s reporting that at least 38 million active users were affected.
Basically, what we’re saying is that if you’ve ever used any Adobe product and you use the same password for everything, you’re going to want to change it everywhere (and also not do that anymore).
But just this past weekend, AnonNews.org posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe. The 3.8 GB file looks to be the same one Hold Security CISO Alex Holden and I found on the server with the other data stolen from Adobe.
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” [Adobe spokesperson Heather Edell] said. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
Reuters reports that Adobe isn’t aware of any attacks against Adobe customers, but its investigation is ongoing.