Adobe breach far worse than thought

Remember that Adobe source code breach that freaked everyone out? Well, it’s worse than we thought. It turns out that it affected not “just” Acrobat, Acrobat Reader and ColdFusion users, but Photoshop users as well. The number of people impacted is well over the 3 million customers that Adobe originally noted.

Update: Adobe said in early October that it believed hackers accessed names, encrypted credit card and expiration dates and other data for about 2.9 million customers. But in addition, its investigation has now confirmed that attackers “obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users,” according to an Adobe spokeswoman.

Again, Yikes.

The news was reported late Tuesday by Reuters and KrebsOnSecurity, the website of security expert Brian Krebs, who helped unearth the breach originally.

Krebs quotes an Adobe spokeswoman, who acknowledges that the attackers accessed Adobe IDs and encrypted passwords for “approximately 38 million active users.” Adobe has notified those people via email and reset the passwords for the affected Adobe IDs, she said. The company’s investigation also found that source code for Photoshop, as well as the other products, was accessed, she said.

The issue with source code theft is that the bad guys can go through the code, line by line, to find vulnerabilities and start exploiting them long before anyone knows what’s going on.

It was a bad week in security. On Monday, someone used a compromised user account to gain access to some user data at MongoHQ, a company that supports and hosts MongoDB databases.

I’ve reached out to Adobe for further comment and will update this report when I get it.

Note: This story was updated at 12:15 p.m. PDT October 30 with information about a MongoHQ security breach and again at 4:16 p.m. PDT with clarification from Adobe on the total number of customers impacted.