The California-headquartered firm said it has informed all the affected users and has reset their passwords.
"Our investigation has confirmed that the attackers obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users," an Adobe spokesperson said.
On October 3, Adobe said it faced two attacks from cyber criminals who stole credit card data of 2.9 million customers. Its security team had discovered the sophisticated attacks involving illegal access of customer information and source code of many Adobe products.
"We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident regardless of whether those users are active or not," the spokesperson added.
Adobe products are used by film and video makers, web and graphic designers, creative professionals, professional publishers, enterprises and individual consumers. The products are widely used on the Internet, including reading and viewing of documents.
Adobe users avail its various offerings through accounts for which they pay a particular fee depending on the services.
Adobe said its investigations on the breach are still on.
"Our investigation is still ongoing, and we anticipate the full investigation will take some time to complete," the spokesperson said.
Adobe has not revealed the geographies where the accounts have been compromised. It has offices in about 34 countries across North America, Asia, Australia and New Zealand, Europe, Middle East, Africa and South America.
It also has a significant presence in India with R&D offices in Bangalore and Noida and sales offices in Bangalore, Noida and Mumbai. The firm employs over 2,000 people in India of its global headcount of more than 11,000 employees.