Arkin credited security journalist Brian Krebs, as well as Alex Holden, chief information security officer of Hold Security, a company that monitors the Internet underground for stolen business data, with helping Adobe respond to the incident.
According to Hold Security, more than 40GB of encrypted archives that appear to contain the source code for the Adobe Acrobat and Adobe ColdFusion product lines were found on servers used by cybercriminals who are believed to have also hacked into computer systems of major data brokers Dun and Bradstreet, LexisNexis and Kroll Background America.
The breach appears to have occurred in early August, and it's unclear whether the hackers analyzed the source code or used it for malicious purposes, Holden said on its website.
The firm seems to disagree with Adobe on the potential security impact of the source code being stolen.
"Adobe products are installed on most end-user devices and used on many corporate and government servers around the world," Holden Security said in a blog post. "While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for [a] new generation of viruses, malware, and exploits."
Adobe could not confirm whether the popular Adobe Reader product was also affected, or if the security breach also resulted in the theft of encryption keys or code-signing certificates.
"Our investigation is still ongoing," the Adobe spokeswoman said.
This is not the first time hackers have compromised Adobe's internal computer systems. Last year, attackers gained access to an Adobe code-signing server and used it to digitally sign malware.
