Adobe has issued an important customer security alert to about 2.9 million Adobe customers after discovering that attackers illegally entered their network. During regular security monitoring, Adobe’s security team discovered suspicious activity and determined that sophisticated attacks were made on their network, involving the illegal access of customer information as well as source code for numerous Adobe products. The attacks are believed to be related.
“We are working diligently internally, as well as with external partners and law enforcement, to address the incident,” Adobe stated.
Adobe strongly recommends that customers prevent unauthorized access to their accounts by resetting their passwords on any website where they may have used the same user ID and password.
Here’s the full context of the security alert:
We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.
To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.
We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.
We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
As a precaution, Adobe has reset relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. Customers whose user ID and password were involved have received an email notification from Adobe with information on how to change their password.
To create a new Adobe password, visit:
From the customer security alert, Adobe recommends following these three steps to reset your Adobe password:
1. Go to the Sign in page for My Adobe
2. Click Trouble Signing In
3. Click in the text box, enter your email address, and click Reset Password
- Adobe sends you an email message to that address with instructions to reset your password
- If you receive the error, “The provided email address could not be matched to an account on file. Please try again,” contact Adobe for help
For customers whose credit or debit card information is believed to be involved in the incident, Adobe is sending out notification letters with additional information on steps affected customers can take to help protect themselves. Adobe has also notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
At this time, Adobe is not aware of any zero-day exploits targeting Adobe products. However, Adobe strongly advises customers run only supported software versions, apply all available security updates, and follow the advice in relevant security hardening guides. Taking these steps will helps mitigate attacks targeting older, un-patched, or improperly configured deployments of Adobe products.
For additional information from Adobe, visit their Customer Alert page.