“Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving illegal access of customer information as well as source code for numerous Adobe products,” Adobe’s chief security officer, Brad Arkin, said in a blog post.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems.”
The stolen data was said to include customer names, encrypted credit or debit card numbers, expiration dates and other information relating to people’s orders.
It appeared that no decrypted credit or debit card numbers were taken, according to Arkin.
“We deeply regret that this incident occurred,” he said. “We’re working diligently internally as well as with external partners and law enforcement to address the incident.”
Adobe was resetting the passwords of customers whose information was taken and alerting people whose credit or debit card numbers were swiped.
The California-based company was also investigating the theft of source code crafted into its products and said it didn’t believe it increased the risk of hackers’ breaking into programs people use.
Adobe makes widely used computer programs suh as Acrobat, Reader, Photoshop and ColdFusion, a Web application development tool.
Brian Krebs of the website KrebsOnSecurity said in a blog post that it appeared the same attackers recently struck data brokers and the National White Collar Crime Center, which helps agencies and organizations involved in the investigation and prosecution of cybercrime.
Krebs and fellow Internet-security expert Alex Holden alerted Adobe to the breach, which they said happened in August.
It remained to be seen whether those breaches exploited Adobe software.