Adobe has confirmed that a recent cyber-attack compromised many more customer accounts than first reported.
The software-maker said that it now believed usernames and encrypted passwords had been stolen from about 38 million of its active users.
It added that the attackers had also accessed details from an unspecified number of accounts that had been unused for two or more years.
The firm had originally said 2.9 million accounts had been affected.
Adobe has also announced that the hackers stole parts of the source code to Photoshop, its popular picture-editing program.
Passwords reset
A spokeswoman for Adobe defended the fact its initial statement did not reveal the full scale of the issue.
“In our public disclosure, we communicated the information we could validate,” she said.
“As we have been going through the process of notifying customers whose Adobe IDs and passwords we believe to be involved, we have been eliminating invalid records. Any number communicated in the meantime would have been inaccurate.”
She added that the firm still believed that encrypted credit and debit card numbers, product expiration dates and other information relating to customer orders had only been compromised in the case of the original 2.9 million users identified.
Regarding the additional 35.1 million users, the company thinks only customer IDs and encrypted passwords have been affected.
It has since reset the passwords as a precaution against the encryption being cracked. However, this would not protect its customers from the threat of having their accounts on other services attacked if they used the same usernames and passwords.