Adobe has admitted that it is taking longer than expected to alert millions of customers that their data may have been leaked in a massive security breach that happened in September.
Adobe, who went public with the news on October 3, said it "immediately" started to inform those affected. But some have still not been alerted, 10 weeks later, potentially leaving them more vulnerable to identity theft.
"Email notifications are taking longer than we anticipated," said Adobe spokesman Heather Edell, speaking to Reuters.
The problem is apparently caused by the need to limit the number of emails sent at once, in order to prevent them being marked as mass spam by email providers.
So far only 2.9 million of those affected have been informed, some by letter and some by email.
It is reported that details of 152 million Adobe ID accounts have been available online for several weeks, but the company claims that the breach affected a backup server so many of the details are old; 25 million have invalid email addresses and a further 18 million have since-changed passwords. Adobe also says that "a large percentage" of the details were false and entered by people looking to download free software.
Last month the company behind popular deskop software Photoshop, InDesign and Acrobat claimed that the number of real users affected was 38 million.
Source code for Adobe products including Acrobat, ColdFusion, and ColdFusion Builder were also stolen in the security breach.
Security expert Graham Cluley highlighted fears at the time that malicious hackers could examine the code and attempt to find flaws and vulnerabilities that they can exploit.
"It should go without saying that no software company ever wants to have criminals steal its source code – it is, after all, the technology equivalent of losing the Crown Jewels," he said.
