Now the loss of 3 million accounts and source code was a bad thing and one that caused quite a fuss on the internet. Adobe had allowed the compromise of 3 million peoples’ personal information. Now what was unusual was that a few days later a second round of emails went out. We were sent a copy of these second round and wondered if there had been another breach or if Adobe’s original claim of 3 million users was less than accurate.
Shortly after the publication of that article (you can read it here) we received a communication from Adobe saying that the second round was not a new breach or additional lost information. Instead we were told it was to prevent Adobe from being flagged as a spammer.
“The emails are going out as quickly as possible. There are a number of reasons why they cannot all be sent at the same time--some of them technical reasons. For example, if we were to send all emails at the same time, they would get flagged as spam and not reach our customers”
Now our response was that there are services that are registered to send large quantities of email and in situations like this it seemed that Adobe should be more concerned with getting the information to their users. This comment was never really answered and all we received was a generic response.
“What I can tell you is that we are working diligently internally, as well as with external partners and law enforcement, to address the incident. We value the trust of our customers and are working aggressively to prevent these types of events from occurring in the future.”
Both emails came from Wiebke Lips, Sr Manager for Corporate Communications at Adobe. We took this information at face value although we were still skeptical about the reason for the delay in emails sent to compromised accounts. Now new information has been revealed that the original breach was not 3 million users information compromised, but possibly as many as 38 Million.
Adobe says that the new information was uncovered as part of their continued investigation into the breach that happened in early October 2013. We find the disclosure very interesting considering our conversations with Adobe over the matter around the 10th of October. When you consider that there were roughly 35 Million more people affected that first disclosed we really do wonder just how far the breach goes and if the attackers left anything in place to allow them continued access. We have asked Adobe for more information and will update as soon as we hear anything back.
Tell us what you think about this latest development in our Forum