Last Month's Adobe Security Breach May Have Surfaced 150 Million Records of User Data


In last month’s security breach of software company Adobe, upwards of 38 million records of private user data were, in some capacity, compromised. As of a new claim on the Sophos Naked Security blog today, it appears that Adobe’s original estimates (which were actually as low as 3 million in the beginning) may actually be an undershot.

The evidence behind this discovery is a database of Adobe user data that recently surfaced on a website often visited by online criminals, according to Naked Security’s Paul Ducklin.

This leak of “breached records,” says Ducklin, amounts to a sizeable 10GB of uncompressed user data. After analyzing a fragment of the data, Sophos claims that Adobe may have been employing some suspect encryption methods to secure its private information.

Adobe, conversely, stands by its 38 million user statistic, which was mentioned in a recent letter sent out to Adobe customers, including myself – in which they apologized for the breach and encourage you to secure your account as best you can. They say that most of the data spilled is likely “many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords, and test account data.” It’s currently unclear if Adobe is referring to its second estimate of 38 million records, or the claimed 150 million.

Image courtesy of ActivistPost.

“We currently have no indication that there has been unauthorized activity on any Adobe ID account involved in the incident,” an Adobe spokesperson told The Verge.

Whatever the case may be, it wouldn’t be the worst idea to change your password and security information once more, even if Adobe already did it for you following the breach, just to be safe.

We can’t let your credit card details, or more importantly your copy of Photoshop, fall into any dastardly hands, now can we?