News

Adobe investigates scope of customer forum breach

Robert Westervelt, News Director

Adobe Systems has taken a database offline while forensics teams determine the scope of a data breach of the company's user forum.

The action was taken following a post to Pastebin by an Egyptian hacker who claimed to have stolen up to 150,000 emails and passwords of Adobe customers and partners. More than 250 records were posted to the website, showing names, titles and email addresses of a number of high-profile customers, including U.S. government officials. Encrypted passwords associated with the accounts were also posted.

Adobe spokesperson Wiebke Lips confirmed that the breach investigation is ongoing, but the attack appears to be contained to the company's user forum, where customers share tips and other information related to Adobe products.  The

    Requires Free Membership to View

forum has been brought offline during the course of the investigation. Adobe is resetting the passwords of impacted forum users.

"At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party," Lips said. "It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted."

Data analysis

An analysis of the data conducted by Tal Beery, security researcher, at Redwood Shores, Calif.-based security firm Imperva verified the validity of the list, however the hacked database probably contained outdated information. Beery said some of the Adobe employees identified in the list appear to no longer work at the software maker.  

The published passwords are protected using MD5 hashes, a method that can be cracked over time using publicly available password crackers, Beery said. The length of time it takes to crack an encrypted password depends on the password strength.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: