Hackers have stolen Adobe Systems' source code along with the security details, including credit card numbers in some cases, of nearly three million customers, the software maker has confirmed.
Security experts said on Thursday they were worried about the theft of source code because close review of the programs could lead to the discovery of new flaws that could be used to launch hard-to-detect attacks against all users of that software.
The hackers took source code for Adobe Acrobat, which is used to create electronic documents in the PDF format, as well as ColdFusion and ColdFusion Builder, used to create internet applications, Adobe said.
Adobe Chief Security Officer Brad Arkin said the company had been investigating the breach since its discovery two weeks ago and that it had no evidence of any attacks based on the theft.
"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving illegal access of customer information as well as source code for numerous Adobe products," Arkin said in a blog post.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems."
Homeland security warning
Arkin said hackers stole information on 2.9 million Adobe customers, including their names, user identification numbers and encrypted passwords and payment card numbers. He said the attacks might be related.
The company said it was resetting passwords for affected customers worldwide and warning people to change any passwords reused at other sites.
The US Department of Homeland Security's computer incident response team said that Adobe customers should be on the alert for fraud.
Adobe said it was working with banks and federal law enforcement to mitigate intrusions on customer accounts and to pursue those responsible.
The hackers offered Social Security numbers, credit report information and other highly sensitive data for sale over the Internet and had access inside the companies' websites through hacked computers, cybersecurity journalist Brian Krebs said.