Adobe has confirmed that 2.9 million customers have had private information stolen during a “sophisticated” cyber attack on its website.
The attackers accessed customer security details, including encrypted passwords and payment card numbers, Brad Arkin, Adobe’s chief security officer wrote.
But Adobe does not believe decrypted debit or credit card data was removed.
“We deeply regret that this incident occurred,” said Mr Arkin.
Adobe software is used to create documents in the popular PDF format.
Adobe said that it is resetting passwords for the customer accounts it believes were compromised, and that those customers will get an email alerting them to the change.
It is also recommending that, as a precaution, customers affected change their passwords and user information for other websites for which they used the same ID.
For those customers whose debit or credit card information is suspected of being accessed, Adobe is offering a complimentary one-year subscription to a credit-monitoring programme.
Finally, the company said it had notified law enforcement officials and is working to identify the hackers.
It also said it was investigating the “illegal access” of source code for numerous Adobe products, including Adobe Acrobat and ColdFusion,
“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” said Mr Arkin.
The company said it had been helped by internet security journalist Brian Krebs and security expert Alex Holden.
They discovered a cache of Adobe code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis.
Mr Krebs said the Adobe code was on a server he believed the hackers used.