Earlier this month, Adobe announced that its servers had been hacked, and that the attackers had accessed customer IDs, encrypted passwords and encrypted credit and debit card numbers of 2.9 million of its customers. The company now says that the attack could have impacted up to 38 million users instead.
Adobe says that it has sent email notifications to the 38 million users believed to have been affected and their passwords have been reset. Adobe mentions that 38 million is only the number of active users it believes were compromised, the company believes that the attackers also gained access to inactive Adobe IDs so the eventual number of affected accounts could be even larger. Portions of the source code for Photoshop, Acrobat, Reader and ColdFusion were also taken in the hack.
More disturbingly, in a letter sent to some affected customers, Adobe revealed that the attacker had decrypted some accounts' credit card numbers using Adobe's own systems, but it couldn't confirm if the decrypted information had then been taken off its servers.