On Oct. 3, Adobe revealed it had been the victim of an attack it said exposed Adobe customer IDs and encrypted passwords of about 3 million users.
Now the company has revealed the number of affected accounts has turned out to be much higher.
"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users," Adobe spokeswoman Heather Edell told CNET.
"We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident -- regardless of whether those users are active or not."
Edell said Adobe has not been informed of any unauthorized activity on any Adobe account exposed during the breach.
Adobe said it has created a customer security alert page with more details on the breach and an option allowing users to change their passwords.