Wednesday, November 14, 2012

Adobe Hacker Says He Used SQL Injection To Grab Database Of 150,000 User Accounts

Exposed passwords were MD5-hashed and 'easy to crack' via free cracking tools, he says.

Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected website.
The attacker who claimed responsibility for the attack, meanwhile, told Dark Reading that he used a SQL injection exploit in the breach.

Adobe's confirmation of the breach came in response to a Pastebin post yesterday by the self-proclaimed Egyptian hacker who goes by "ViruS_HimA." He says he hacked into an Adobe server and dumped a database of 150,000 emails and passwords of Adobe customers and partners; affected accounts include Adobe employees, U.S. military users including U.S. Air Force users, and users from Google, NASA, universities, and other companies.

The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Web server, and that he exploited a SQL injection flaw to execute the attack. "It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do," he says.

Users passwords for the Adobe Connect users site were stored and hashed with MD5, he says, which made them "easy to crack" with freely available tools. And Adobe wasn't using WAFs on the servers, he notes.

"I just want to be clear that I'm not going against Adobe or any other company. I just want to see the biggest vendors safer than this," he told Dark Reading. "Every day we see attacks targeting big companies using Exploits in Adobe, Microsoft, etc. So why don't such companies take the right security procedures to protect them customers and even themselves?"

The hacker leaked only some of the affected emails, including some from @ "", "*.mil", and "*.gov," with a screen shot in his Pastebin post, where he first noted that his leak was because Adobe was slow to respond to vulnerability disclosures and fixes.

"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!" he wrote. "It even takes 3-4 months to patch the vulnerabilities!"

Adobe didn't provide details of how the breach occurred. Guillaume Privat, director of Adobe Connect, in a blog post this afternoon said Adobe took the forum website offline last night and is working on getting passwords reset for the affected accounts, including contacting the users. Connect is Adobe's Web conferencing, presentation, online training, and desktop-sharing service. Only the user forum was affected.

"Adobe is currently investigating reports of a compromise of a forum database. These reports first started circulating late during the day on Tuesday, November 13, 2012. At this point of our investigation, it appears that the forum site was compromised by an unauthorized third party. It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted," Privat said.

This is the second public breach of the software firm this year. In October, Adobe revealed that an internal server with access to its digital certificate code-signing infrastructure was hacked by "sophisticated threat actors."

The attackers had created at least two malicious files that they digitally signed with a valid Adobe digital certificate. Adobe revoked the certificate and issued updates for its software signed by it, including Windows-based apps and Adobe AIR.

Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post. He found that the list appears to be valid and that the hacked database is relatively old. "I have analyzed some of the leaked data and compared some names in that leaked files against and found out they did work for Adobe but no longer employed there," he says. "The list include both Adobe and other companies email, which suggests that this may be a customer related" database, he says.

The Adobe hacker Hima, meanwhile, warned in his post that his next leak would be for Yahoo.



  1. đồng tâm
    game mu
    cho thuê nhà trọ
    cho thuê phòng trọ
    nhac san cuc manh
    số điện thoại tư vấn pháp luật miễn phí
    văn phòng luật
    tổng đài tư vấn pháp luật
    dịch vụ thành lập công ty trọn gói

    Trái lại, cô gái kia thần sắc hết sức tự nhiên, tựa hồ như không hề minh bạch chuyện tình trong đó.

    “Phần lớn người trong giang hồ đều là người của Đệ Ngũ Khinh Nhu. Ngoài ra, trong bảy đại môn phái ở Hạ Tam Thiên này thì đã có hai nằm gọn trong lòng bàn tay của hắn, những môn phái khác đều có thế lực riêng của hắn cài cắm ở bên trong.”

    Sắc mặt của Thiết Long Thành mỗi lúc càng thêm trầm trọng.

    “Đệ Ngũ Khinh Nhu còn có bốn tên cao thủ đỉnh cấp làm thủ hạ, trong đó hai người phụ trách bảo hộ an toàn cho hắn, còn lại hai người chính là chánh phó thủ lĩnh của Kim Mã Kỵ Sĩ Đường. Nghe nói thực lực bốn người này đều có thể dễ dàng tiến vào Trung Tam Thiên, thậm chí không hề thua kém những cao thủ tại Trung Tam Thiên. Bọn họ đều là cao thủ Vương cấp, người mạnh nhất đã là Lục phẩm Đao Vương!”

    Sở Dương lại tung thêm một tin tức động trời nữa.

    Bốn vị cao thủ Vương cấp!

    Tin tức này không khỏi khiến cho Thiết Long Thành cùng với cô gái kia chấn động mãnh liệt. Ngay cả đến Cố Độc Hành đang đứng bênh cạnh cũng không khỏi hoảng hốt nhìn sang.