The number of Adobe customers impacted in a breach disclosed earlier this month has skyrocketed to about 38 million. That is more than ten times the roughly three million affected users the company announced previously.
Adobe spokesperson Heather Edell said the company had notifed the 38 million impacted customers.
“We currently have no indication that there has been unauthorized activity on any Adobe ID account involved in the incident,” Edell said.
The attackers also obtained invalid and inactive Adobe IDs, Edell said, as well as invalid encrypted passwords and test account data. She added that Adobe is in the process of notifying those customers and that all encrypted passwords, whether those users are active or not, have been reset.
Security blogger Brian Krebs and Alex Holden, CISO at Hold Security, aided Adobe in responding to the incident earlier this month.
In a Tuesday post, Krebs said that a sizable file hosted on AnonNews.org this weekend contained 150 million Adobe username and hashed password pairs. He said the 3.8 GB file, which has since been removed, appears to be the same one discovered by he and Holden earlier this month.
The attackers are believed to be the same criminals that hacked other entities, including LexisNexis, the National White Collar Crime Center and, most recently, PR Newswire.