This morning I received news of new attacks against Adobe: an Egyptian hacker named ViruS_HimA hacked into Adobe servers and leaked private data.
The hacker claims to have breached Adobe servers, gaining full access and dumping the entire database, with more than 150,000 emails and hashed passwords of Adobe employees and of customers/partners of the firm such as the US Military, USAF, Google, NASA, DHL and many other companies.
For each account, the leaked file contains the following information:
- Password hash
The hacker declares that his intent was far from destroying the company's business; that is why he posted only leaked data related to Adobe and belonging to the domains “*.mil” and “.gov”.
What is the motivation of the attack?
The attack has no political motivation. ViruS_HimA wants to demonstrate that although Adobe is one of the most important companies in the IT landscape, it lacks a proper security defense. For the same reason, the hacker announced that the next target will be Yahoo.
The hacker specifically addresses the company's latency in responding to vulnerabilities: patch management takes too long, and it may take many months from the report of a vulnerability to its fix.
“When someone reports a vulnerability to them, it takes 5-7 days for the notification that they’ve received your report!! It even takes 3-4 months to patch the vulnerabilities! Such big companies should really respond very fast and fix the security issues as fast as they can.
“Don’t be like Microsoft, Yahoo security teams!! but be like Google security team” Quoted from Hima.
I don’t know Adobe's exact response time, but I agree with the hacker: overly long response times have already caused many security problems in the past. Recall, for example, what happened with the Oracle Java vulnerabilities, fixed on Mac systems months after their discovery.
Response time and incident response procedures are crucial factors in managing vulnerabilities and restoring compromised systems.
The evidence of the attack
The hacker has posted an image of the .CSV file containing the data, informing readers that it carried no EXIF (Exchangeable Image File) data that could be used to trace him: http://i47.tinypic.com/2s6pjfa.jpg
The hacker also posted the leaked data at the following URL
Meanwhile, the official communication has been posted on Pastebin (http://pastebin.com/Bf9uv4hR). We await an official statement from Adobe on the event.
Update: Adobe is now aware of the issue and is investigating the hack. ‘The Hacker News’ talked further with the hacker to learn how he actually got this dump and where the vulnerability was. We came to know that the hacker was able to upload a PHP shell to the Adobe website (maybe using an LFI) and then looked for the database configuration file to get credentials. After that, the hacker got into the database server and exported the complete database.
Update: In a blog post, Adobe confirmed that the forum of their “Adobe Connect conferencing service”, http://connectusers.com/, is compromised and that this database actually belongs to their forum only. Adobe also confirmed that it does “not appear that any other Adobe services affected”.
For security reasons, the Adobe team put http://connectusers.com/ under maintenance mode and is fixing the issue. “We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored.”