Jump to content
nsane.forums

Archived

This topic is now archived and is closed to further replies.

nsane.forums

Adobe hacked, passwords posted online

Recommended Posts

nsane.forums

Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.

The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named “ViruS_HimA.” The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.

“We have seen the claim and are investigating,” said Wiebke Lips, senior manager with Adobe’s corporate communications.

Posted Image

Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.

The hacker only released records with email addresses ending in “adobe.com,” “.mil” and “.gov.”

A look at the 230 records showed the full names, titles, organizations, email addresses, usernames and encrypted passwords of users in a variety of U.S. government agencies, including the departments of Transportation and Homeland Security, the U.S. State Department, the Federal Aviation Administration and state-level agencies, among others.

The published passwords are MD5 hashes, or cryptographic representations, of the actual plain-text passwords. It’s a good security practice to only store hashes rather than the plain-text passwords, but those hashes can be converted back to their original state using free password-cracking tools and enough computing power.

Shorter passwords are easier to crack, especially if they contain no special characters and are, for example, just a word composed of lower-case letters. Many MD5 hashes that have already been reversed are available in lists freely available on the internet.

Some of the MD5 hashes released in the text file revealed simple passwords. That’s particularly dangerous given that people tend to reuse passwords for other services. Hackers will typically try to use stolen credentials on sites such as Facebook and Twitter to see if they’re valid.

Given that the data released on Tuesday includes names and organizations, hackers could act fast in an attempt to steal other information.

An email request for an interview with ViruS_HimA wasn’t immediately returned. The hacker wrote there’s another data leak soon to be released from Yahoo.

Posted Image View: Original Article

Share this post


Link to post
Share on other sites
DKT27

Adobe confirms Connectusers breach, shuts down website

Adobe has shut down Connectusers.com, a community forum site for users of its Adobe Connect Web conferencing platform, because the site's user database was compromised.

On Tuesday, a hacker named "ViruS_HimA" claimed that he hacked into "one of Adobe's servers" and copied a database containing email addresses, password hashes and other information of over 150,000 Adobe customers, partners and employees.

To support his claim, the hacker published a limited set of records for users with email addresses ending in adobe.com, .mil and .gov.

"As soon as we became aware of the hacker's post, we launched our investigation, which (based on the information leaked by the hacker) led us to determine that the hacker appears to have compromised the Connectusers.com forum site," said Wiebke Lips, Adobe's senior manager of corporate communications, Wednesday via email.

The hacker leaked 644 records, but he claimed to have accessed the entire forum database, Lips said. "The forum has a total of about 150,000 registered users."

"We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored," Lips said.

The forum site was taken offline Tuesday evening, said Guillaume Privat, director of Adobe Connect, Wednesday in a blog post. "It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted," he said.

Privat recommended that users should follow password best practices and use different log-in credentials across different services. However, as other data leaks have shown in the past, a lot of users don't do this, which could allow hackers to break into their accounts on many other websites.

Based on an analysis of the leaked data, the password hashesAdobe confirms breach of Connectusers.com forum database, shuts down websiteencrypted versions of the passwordsAdobe confirms breach of Connectusers.com forum database, shuts down websitestored in the compromised Adobe database had been generated with MD5, a cryptographic hash function that's known to be insecure, said Tal Beery, a security researcher at security firm Imperva, via email. This means that they can easily be cracked to recover the original passwords, he said.

Posted Image View: Original Article

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×