After a hacker posted a sample of compromised records online Adobe confirmed a breach affecting 150,000 customers through a vulnerability in the community site forum for their Connect Web conferencing platform to include email addresses, hashed passwords and other information.
A hacker from Egypt posted a screen shot of compromised records in mid-November which were claimed to be taken from Adobe. This spurred an investigation which led to Adobe confirming the breach and shutting down Connectusers.com due to the site’s user database being compromised. This site served as a forum for Adobe’s web conferencing platform and there were about 150,000 registered users including many business and professional users of the service. The sampling of compromised emails included .adobe, .mil and .gov addresses. Adobe has since reset the passwords for all impacted users and the site was taken offline the night of November 13.
According to Adobe, the Adobe Connect service itself did not appear to be impacted nor any other Adobe services. But the effects of the breach can still be damaging as 150,000 email addresses were compromised while the hashed passwords were generated with MD5, a hash function known to be insecure. Adobe has reset the passwords for all affected by the breach, but the tendency for individuals to reuse passwords across various websites puts many other accounts at risk.
The hacker claimed they posted the data online to show that Adobe is slow in fixing known security problems while also promising to release data stolen from Yahoo next.
For more information: