funsec mailing list archives

Adobe confirms customer data breach


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 19 Nov 2012 02:21:32 -0500

http://www.h-online.com/security/news/item/Adobe-confirms-customer-data-breach-Update-1750344.html

A hacker says that he managed to break into an Adobe server and copy
the private credentials of approximately 150,000 users – including
their names, email addresses and password hashes. To prove the attack,
the intruder, who goes by the name of "ViruS_HimA" and claims to be
from Egypt, has released extracts from his haul on the anonymous
Pastebin text hosting service. The data includes details of users who
the attacker has associated with Adobe, the US military and US
government circles based on their email addresses.

Talking to security magazine Dark Reading, the hacker said that he
managed to exploit an SQL injection hole for his attack. Apparently,
he didn't encounter any obstacles such as a Web Application Firewall
(WAF) that would filter out potentially dangerous HTTP requests. The
attacker explained that he publicised the intrusion to highlight the
vulnerabilities and motivate companies such as Adobe to enhance their
security.

On its blog, Adobe has confirmed that an unauthorised third party
successfully launched an attack on one of the company's customer
databases. According to Adobe, the data originates from the
Connectusers.com web site, which is a forum for customers of the Adobe
Connect web conferencing service. The forum has since been temporarily
suspended. Adobe says that the attacker didn't compromise the Adobe
Connect service itself or any other areas of the company's web
presence.

Adobe hasn't confirmed the attacker's claim that 150,000 user records
were affected; neither has it provided any information on its password
storage mechanisms. According to the hacker, Adobe's database
contained MD5 hashes that can easily be cracked.

Update 15-11-12 14:55: According to security firm Sophos, the
passwords were stored as unsalted MD5 hashes, which can easily be
cracked quickly using modern CPU and GPU hardware. If the database
extract turns out to be genuine, Adobe should have invested a little
more effort in protecting the passwords of its users. The article
"Storing passwords in uncrackable form" at The H Security explains how
administrators can prevent passwords from being cracked this easily.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
