In an initial statement made on 3 October, Adobe said hackers had accessed information including credit and debit card details on nearly 3 million customers. It also said attackers had accessed the source code for several Adobe products.
Adobe now says the hackers obtained access to Adobe IDs and encrypted passwords for approximately 38 million active users.
The company says it has contacted these active users by email to notify them of the incident and has also reset passwords on these accounts.
It says it is also investigating the number of inactive, invalid and test accounts that may have been compromised, and its notification to inactive users is ongoing.
Adobe says, ‘We currently have no indication that there has been unauthorised activity on any Adobe ID account involved in the incident.’