Adobe has confirmed that customer information for 2.9 million users, including passwords and credit card details, and source code for some of its products have been stolen from its network. If you’ve ever purchased a product from Adobe online, it’s time to change your password.

According to Adobe’s online FAQ, the attackers gained access to account details for 2.9 million customers. The data was in encrypted form, and Adobe suggests it hasn’t been decrypted yet, but advises customers to reset their passwords as a precaution.

Customers who were in the affected list or who have credit card details registered with Adobe will be sent an email advising them to change their password. We’d advise starting the process yourself from the Adobe web site, since it’s almost inevitable scammers will send copycat phishing emails in the near future.

The attackers gained access to source code for Adobe’s Acrobat Reader PDF software and ColdFusion web development platform, though we don’t know which version and there has been no evidence of attacks using the knowledge gained from that code so far. It’s not yet clear whether source code for other products was accessed; Adobe’s statement suggests there is a “possibility” this happened.