From Adobe’s blog (emphasis mine). . .
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.
The issue of these major security breaches are really starting to hit home, and I will likely review my own security standards for the family in the near future. I use Adobe products much more than I ever did LinkedIn, and I get tremendous value out of Adobe. Hell, my career universe has Adobe products firmly at the center. Luckily for me, my Adobe purchases are managed by my company so there is no direct financial risk for me, but there is only so far one can get with their software without at least an Adobe ID.
This does bring to bear a challenging implication about their new subscription model with Creative Cloud. When Adobe writes “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems” there is an implied “yet” in that statement based simply on the fact that they now store financial information on their servers until told otherwise by customers due to the new subscription service.
I don’t want to imply that Adobe doesn’t take security seriously, but with the amount by which they are effectively raising their prices (read as: more than doubling their annual cost) and with the responsibilities that Adobe voluntarily took on by requiring thousands, if not millions, of people to store their financial information on their servers, customers should get better services than this.
2.9 million. I await my email from them.
UPDATE: I got an email for a long-forgotten account. Joy.
UPDATE: BBC: Adobe hack: At least 38 million accounts breached. Joy.