Software company Adobe has admitted that a cyber attack that saw hackers seize customers credit card details was much worse than they originally disclosed.
Adobe revealed that the breach compromised the security of 38m customer accounts, rather than the 2.9m it reported on 3 October.
Marcus Carey, a security researcher and ex-employee of the US’ National Security Agency, said: "This is a treasure trove for future attacks."
At the time, Adobe said it believed all the information stolen was encrypted, but Carey warned that this would not stop sophisticated hackers from being able to access credit card data.
Adobe spokeswoman Heather Edell said that, as far as the company was aware, there had been no unauthorised use of Adobe accounts following the attack.
However, she was unable to reassure account holders that their credit card details or passwords had not been used by the criminals.
She said: "Our investigation is still ongoing. We anticipate the full investigation will take some time to complete."
German customers "cool and calm" after Vodafone hacker steals bank details
Cyber attacks on banks: beware the wolf in sheep’s clothing