The massive attack exposes customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
Adobe announced on Thursday that it has been the target of a major security breach in which sensitive and personal data about millions of its customers have been put at risk.
Brad Arkin, senior director of security for Adobe products and services, explained in a blog post that the attack concerns both customer information and illegal access to source codes for “numerous Adobe products.”
A few examples include Adobe Acrobat, ColdFusion, and the ColdFusion Builder. However, as far as the source code is concerned, Adobe assured that there is no “increased risk to customers as a result of this incident.”
Adobe officials added that the investigation has not turned up any zero-day attacks either.
Unfortunately, the culprits have obtained access to a large swath of Adobe customer IDs and encrypted passwords.
Arkin specified that removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.) about approximately 2.9 million Adobe customers.
He added that investigators don’t “believe the attackers removed decrypted credit or debit card numbers” from Adobe’s systems.
While federal law officials are involved, Adobe stressed that there are some precautions that customers need to take action on now.
Adobe is resetting the passwords on breached Adobe customer IDs, and users will receive an email if they are affected. The software giant is also currently notifying customers whose credit or debit card information was exposed.
Adobe has also promised to offer these customers with the option of enrolling in a one-year complimentary credit monitoring membership where available.
This story originally appeared as “Adobe admits 2.9M customer accounts have been compromised” on ZDNet.