Adobe has confirmed that a recent cyber attack compromised more than ten times the number of accounts than initially reported and also involved source code for Photoshop.
Just after the breach, Adobe chief security officer Brad Arkin said in a blog post that 2.9 million accounts had been affected, but the firm now says the figure is around 38 million active accounts.
The company said its initial statement was based on information it could validate at the time, according to the BBC.
However, the bulk of the compromise relates only to customer IDs and encrypted passwords, while the 2.9 million figure relates to encrypted payment card details and other customer order information.
Adobe has also now revealed the attackers accessed details from an unspecified number of accounts that had been dormant for two or more years and stole some source code for Photoshop.
Initial reports said the attackers had accessed the source code of Adobe’s Acrobat PDF document-editing software and ColdFusion web application creation products.
Read more about Adobe
- Adobe fixes bevy of critical Shockwave Player vulnerabilities
- Devastating Adobe breach affects 2.9 million customers; source code stolen
- Adobe to revoke certificate following fraudulent use
- Adobe hopes to speed patch releases with more transparency
- Adobe shifts to Microsoft patching process, incident response plan
In May, Adobe moved several products to a subscription model, requiring customers to register an account and provide payment card details to qualify for upgrades.
The company said it had notified all customers that might have been affected and reset their passwords as a precautionary measure.
Adobe also said there had been no indication so far of unauthorised activity on any of the accounts involved in the breach.
The breach is a major embarrassment for the company, which had been promoting its Creative Cloud subscription services heavily since switching to the new business model.
In 2012, Adobe's servers were breached due to a configuration error. In response to that attack, Arkin made major changes to internal security.