Computer hackers reportedly took 2.9 million records of personal account information from Adobe Systems customers Adobe announced Thursday.
"The Adobe breach shows that everyone is fair game," Eduard Goodman, chief privacy officer at risk management firm IDentity Theft 911 told USA Today. "The hackers went in and stole private consumer information in the form of card information, even if it was encrypted, and they stole intellectual property. Those are two valuable assets."
In addition to the information, hackers also reportedly got a hold of source codes for at least two of the software company's major products.
"The far more worrying story is that hackers apparently have obtained 40 gigabytes of Adobe source code, which may include Adobe's most popular products, Adobe Acrobat and ColdFusion," Aaron Titus chief privacy officer at Identity Finder told USA Today. "Security professionals in organizations around the world should be on high alert for an increase in Acrobat-related attacks as hackers analyze the code for possible zero-day exploits."
The breach was found by Adobe's security team on the company's network, and may be connected.
"We believe these attacks may be related," Brad Arkin, Adobe chief security officer said in the blog post on the company's website. "Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident," he said.
As part of its efforts to correct the issue, Adobe is resetting the passwords of customers affected, notifying customers whose credit or debit card information were taken, informing banks of the situation, and notified federal law enforcement Arkin said in his post.