Adobe user forum suspended after hack

Posted by Emma Woollacott

Adobe has become the latest victim of hackers, suspending its Connectusers.com forum after login details were published online.

The company says it's resetting the passwords of all affected forum members and hopes to restore service as soon as possible. It will alert users whose passwords have been reset once the site's back up and running again.

"At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party," says the company in a blog post.

"It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted."

The Egyptian hacker, who calls himself ViruS_HimA, claims on Pastebin to have stolen credentials for 150,000 forum users, and has publisahed  644 database entries.

"I have Hacked into one of Adobe servers, Gained full access to it, Dumped the Database, It contains over 150,000 Emails,Passwords with full data for a lot of Adobe customers and partners including Emails and Passwords for "Adobe Employees", "US Military", "USAF", "Google", "Nasa", ".Edu" and many many more companies around the world!," reads the post.

"Adobe is a very big company but they don't really take care of them security issues, When someone report vulnerability to them, It take 5-7 days for the notification that they've received your report!!
It even takes 3-4 months to patch the vulnerabilities!"

Paul Ducklin of security form Sophos is critical of Adobe's security.

"Firstly, the passwords in the list are hashed, but without any salt. A salt is random content mixed with the password before hashing, so that repeated passwords do not cause repeated hashes. You simply must use salted hashes, to stop crackers using a simple precomputed dictionary to crack your passwords super-fast," he says in a blog post.

"Secondly, the hashes consist of a single iteration of MD5 applied directly to the password. You simply must use many iterations of your chosen hash, to slow down crackers by making brute-force attacks harder by a factor as big as the number of iterations."

Imperva security researcher Tal Be'ery says an analysis of the leaked data implies it's valid - but pretty old.

""We compared some names in the leaked files against linkedin.com and found out that the names in the file were people who had worked for Adobe but no longer employed there," he says. "The list includes both Adobe and other companies’ email addresses, which suggests that this may be a customer related database, for example, Knowledge base, support, etc."