Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Adobe Connect Security Breach Exposes Personal Data of 150K Users

    By
    ROBERT LEMOS
    -
    November 15, 2012
    Share
    Facebook
    Twitter
    Linkedin

      Adobe pulled down a forum for users of its video conferencing service, Adobe Connect, after a hacker successfully compromised the server and downloaded information on its 150,000 members.

      The information taken from the server included each member’s name, username, company, title and email address as well as the hashed version of their password. In a statement posted to Pastebin on Nov. 13, the hacker—who claimed to be Egyptian—said that he would publicly post only the information for Adobe employees and users that work for the U.S. Department of Defense or other government agencies.

      “I’m not looking to ruin Adobe business so i will leak only (those) emails,” the post stated.

      The compromise of Adobe’s ConnectUsers Forum is the latest breach of a major corporate Web service in the past two years. Hackers stole the passwords for 6.5 million LinkedIn users in June and leaked the passwords of approximately 400,000 Yahoo! Voices users in July.

      In a blog post on its Connect Blog, Adobe confirmed the compromise and briefly stated the steps it has taken to fix the issues, including pulling down the service on the evening of Nov. 13 and resetting the password of the affected users. The company will send out instructions to users on resetting their password once it restores the service, Adobe said in a statement.

      “It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted,” Guillaume Privat, director of Adobe’s Connect product said in the post.

      Adobe recommended that all users change their passwords and follow the practice of using a different password for every Web service.

      Password reuse is a major cause for concern when Web services are compromised. An attacker that compromises a minor site with poor security can use a password file to gain access to people’s accounts on sites and services with stronger security. Following the compromise of Yahoo Voices, for example, one security researcher found that 60 percent of the people who used both the Yahoo service and were also members of Sony Pictures, which was breached in 2011, used the same password.

      It will likely not be long before a significant portion of the password list is decrypted. Brute-force decryption techniques have advanced to the point where attackers can quickly decrypt the most common passwords from their hashes. For example, 80 percent of the list of LinkedIn password were decrypted.

      The attack comes as Adobe has made very public efforts to weed out the vulnerabilities in its widely used software, such as Adobe Acrobat and Flash. Since 2009, the company has focused on making its software harder to compromise and raising the level of effort that attackers have to expend to find and exploit vulnerabilities. Among the company’s major efforts: Adding automatic update mechanisms to its software and creating a secure product development lifecycle to find and fix vulnerabilities.

      Despite Adobe’s efforts, the hacker cited the company’s allegedly slow response to issues as the reason for the latest attack.

      “Adobe is a very big company but they don’t really take care of them security issues,” the hacker complained in the Pastebin post. “Such big companies should really respond very fast and fix the security issues as fast as they can.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×