At the start of the month the software-maker said that encrypted credit and debit card numbers, product expiration dates and other information relating to customer orders from 2.9 million accounts had been obtained through hacking.
It is now believed usernames and encrypted passwords have been stolen from about 38 million of Adobe’s active users, with details from an unspecified number of accounts unused for two or more years also accessed.
A spokeswoman for Adobe defended the fact its initial statement did not reveal the full scale of the issue.
“In our public disclosure, we communicated the information we could validate,” she said. “As we have been going through the process of notifying customers whose Adobe IDs and passwords we believe to be involved, we have been eliminating invalid records. Any number communicated in the meantime would have been inaccurate.”
The original statement revealed that the hackers also stole parts of the source code to Photoshop, information which could allow programmers to analyse how Adobe’s software works and copy its techniques.
These revelations followed on from ones that the source code for Adobe’s Acrobat PDF document-editing software and ColdFusion web application creation products had also been illegally accessed.
Regarding the latest revelations, Adobe reiterated that it thought only customer IDs and encrypted passwords have been affected for the additional 35.1 million users.
Though Adobe has since reset all passwords, Bill Greenwood, freelance colour control and print productions specialist, has warned that printers should take this opportunity to think carefully about password security in general.
“When the email first came out the first thing I did was change my password,” said Greenwood. “People need to look at passwords in general. How many people use the same password for their mail as their online banking or something else? People need to be aware of security and how they should have different passwords for every system.”
He added: “Companies need to look at this and say ‘is it time for me to now start seriously looking into online security issues?’ If a big company like Adobe with all the amount they put into their systems is hacked, it can happen to anyone. It’s a further nudge to make sure you get your house in order.”
The Adobe hacking revelations have followed the vendor moving several of its products to a cloud-based subscription model in May, meaning some customers could end up paying more.
Though these revelations will further anger those printers already annoyed at these changes, this is unlikely to impact Adobe take-up in the print industry too significantly, believed Greenwood.
He said: “It’s not a good situation, and you do think ‘are you going to trust these companies?’ But I don’t think this will be worrying the print community too much. Adobe can be a pain to deal with but they’re a lot better than other companies the print community has had to deal with in the past.
“You can say Adobe didn’t have the right measures in place, but I’m sure they’re going to beef these up now. Everybody uses services that have been hacked- there have been banks that have been hacked but everyone still uses online banking.”
“You’ve got to look at whether hackers are there to do damage or there to prove they can do it,” added Greenwood, alluding to the fact that a file uploaded to a hacking forum last weekend appeared to contain millions of Adobe usernames but with the passwords hashed. Hashing passwords means they appear as a string of characters which can’t be converted back to the original text.
The spokeswoman for Adobe said this document had since been removed from the site at the vendor’s request. She added that Adobe had seen no indication of unauthorised activity on any accounts involved in the incident.