Adobe identified the attack on September 17 and began notifying customers "immediately" after it disclosed the breach on October 3, according to company spokeswoman Heather Edell.
"Email notifications are taking longer than we anticipated," she said.
The company has had to validate email addresses of those affected, and also limit the number of notifications sent at any one time to make sure they don't get blocked by email providers or tagged as spam, she said.
Edell said the company has notified by email and letter some 2.9 million Adobe customers with credit or debit card information taken by the attackers.
It is in the process of notifying tens of millions of others who have Adobe ID accounts for using its customer website, she said. She declined to provide a specific number on how many had been affected, saying the investigation was still ongoing.
A file containing information on some 152 million Adobe ID accounts has circulated on the Internet for at least three weeks. It includes email addresses along with encrypted passwords and password hints, according to multiple security firms that have reviewed its contents.
Yet Edell said it was not accurate to say 152 million customer accounts had been compromised because the database attacked was a backup system about to be decommissioned.
She said the records included some 25 million records containing invalid email addresses, and 18 million with invalid passwords.
Source : Reuters
Image : REUTERS/CATHAL MCNAUGHTON
Post a Comment