Adobe Data Breach Exposes Military Passwords
CREDIT: Adobe Systems Inc.
This story was updated at 10:45 a.m. Thursday Nov. 15 to add Adobe's confirmation of the data breach.
Adobe Systems is investigating a claim by one or more Egyptian hackers who leaked more than 600 names, email addresses and encrypted passwords that allegedly came from the software firm's database.
Many of the details pertain to American military and government officials from the Department of Homeland Security, the State Department, the Federal Aviation Administration, the Department of Transportation and all five branches of the U.S. military. A few British and Australian government accounts are included.
"I have hacked into one of Adobe servers, gained full access to it, dumped the database," read a Pastebin posting today (Nov. 14) by a user named ViruS_HimA. "Data for a lot of Adobe customers and partners including emails and passwords for 'Adobe Employees', 'US Military', 'USAF', 'Google', 'Nasa', '.Edu' and many many more companies around the world!"
ViruS_HimA also posted links to several file-hosting sites holding a small text file containing the leaked information.
All of the leaked information pertained to email addresses with adobe.com, .mil or .gov suffixes. The implication was that many more accounts that didn't fall into those categories were being held back.
All the passwords were encrypted as MD5 hashes, which were "unsalted" and hence fairly easy to converted back to plain text.
Using a free online password-cracking tool, we were able to crack several passwords, including "asdf123," "freedom" and "inyourface," as well as a few personal names.
"We have seen the claim and are investigating," an Adobe spokeswoman told Computerworld.
This is just the latest security breach to occur in a series of hacks, scams and zero-day exploits aimed at Adobe. The company has been making the wrong kind of security headlines for years, a fact that didn't escaped ViruS_HimA.
"Adobe is a very big company but they don't really take care of them security issues," the hacker said. "When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!! It even takes 3-4 months to patch the vulnerabilities!"
Although he's certainly earned its scorn, Adobe may be relieved to know that ViruS_HimA’s efforts will be focused elsewhere.
"BTW, next leak will be for Yahoo soon," ViruS_HimA concluded in his Pastebin post. "It gonna be very hot leak :P."
UPDATE: Later on Wednesday, Adobe confirmed in an official blog posting that the data seems to have come from an online forum created by Adobe for users of its Adobe Connect Web-conferencing service.
"It appears that the Connectusers.com forum site was compromised by an unauthorized third party," the blog posting said. "It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted."
Adobe said it had taken down the Connectusers.com website and was resetting the passwords of all users.
Anyone who's registered with Connectusers.com, and who used his or her password there on other sites as well, should change passwords across the board.
Follow Ben on Twitter @benkwx.