Somebody's in for a sacking.
On the plus side, at least the user info was encrypted. And not mine.
I had to reset my passwords. Besides credit card info and such (my accounts hadn't been used in many years, though), there's also the source code for (supposedly) ColdFusion and Acrobat. CF is a lot less common than Acrobat--I wonder if the hackers are figuring out all sorts of security hacks with the source code in their hands. I wouldn't doubt it, actually. And Adobe doesn't exactly regularly patch their stuff for security the way MS does.
I don't know much about IT security, but I've never trusted 3rd party cloud data services. It's far worse, IMO, when corporations end up outsourcing their mission critical data--legal and HR records, EMR, etc.--to a 3rd party under contract. Those larger enterprise cloud services end up painting a giant target sign on themselves with all that aggregate client data. Not to mention making it very difficult to move to a different solution should you change your mind; I've experienced data hostage at work due to this, which really soured me on the whole cloud thing. Maybe I'm missing something, but I feel if a company kept with an internal solution (cloud or not), they'd have better control over security protocols and wouldn't be as ripe a target. Yes, that would require more resource expenditure and hiring actual employees instead of dubiously-legal H-1B contractors.
One of the better forms of additional security is 2-factor login. Not just for cloud services, but for pretty much everything these days. Hopefully everyone here has that enabled for their
Microsoft accounts (there is no MS authenticator app for Android, but
that doesn't matter). This is like my MMO game account--a code is generated by a special smartphone app that is paired with your login password (to both the game and the online account management, in that example). So even if the password is stolen somehow, unless the thieves have your actual phone or your other linked accounts--the code can also be sent to an email address, so you'd better have different passwords--it won't matter.