The impact of a data breach at software maker Adobe appears to be worsening. When it first announced the breach on October 3, Adobe said that cyber attackers had compromised accounts and passwords of nearly 3 million users. Now that number has jumped to at least 38 million users.
WhatÃ¢â‚¬â„¢s more a blog post at PCWorld indicates that a further 150 million usernames and hashed passwords were taken from Adobe. While Adobe says these could include inactive IDs, test accounts and IDs with invalid passwords, the company is still investigating.
PCWorld also reports that the hackers stole source code for flagship Adobe products such as Photoshop, Acrobat, and Reader.
It cites a blog post by Hold Security that suggests the source code theft could have far-reaching security implications.
HereÃ¢â‚¬â„¢s the direct quote from the Hold Security blog post:
While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits.Ã¢â‚¬
Despite the major news headlines about cybercriminals, itÃ¢â‚¬â„¢s worth remembering that mistakes made by people and systems actually cause the majority of data breaches.
The 2013 Cost of a Data Breach study by the Ponemon Institute and Symantec, found that negligence and system glitches together accounted for 64 percent of data breaches last year. Such incidents include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.
However, U.S. companies represented in this study are apparently continuing to improve their preparation for and response to a data breach.
Both the organizational cost of data breach and the cost per lost or stolen record declined last year, with the organizational cost declining from $5.5 million to $5.4 million and the cost per record from $194 to $188.
Ponemon and Symantec attribute this to more organizations using data loss prevention technologies, fewer records being lost in the breaches and less customer churn.