Adobe Systems Inc. (NASDAQ:ADBE) reported earlier in October that hackers accessed personal information, including credit card data, for 2.9 million Adobe customers as well as an undisclosed number of usernames and passwords. Adobe finally released how bad the cyberattack really was on Tuesday, showing that the hackers actually compromised the personal information of more than 38 million of its customers.
Adobe said it reset the affected passwords and notified the 38 million users. An Adobe spokesperson pointed out that 38 million number also includes invalid accounts, but didn’t indicate how many.
After hackers crack the encryption on the passwords, they sell the usernames and passwords on black market websites like the now-defunct Silk Road for about $20 each. Adobe also reported that hackers gained access to part of the source code for Photoshop.
Adobe acknowledged in September that it is increasingly a target for hackers. On Oct. 3, hackers stole the source code for Adobe Acrobat, ColdFusion and ColdFusion Builder.
An Adobe spokesperson told Reuters that the San Jose, Calif.-based software company is unaware if any of the stolen accounts or credit card information has been used for further cyberattacks, but that the investigation continues.