Adobe investigating alleged customer data breach

Adobe investigating alleged customer data breach

Information published on Pastebin includes hashed passwords, names and email addresses

Article comments

Adobe said this morning it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.

The information was released yesterday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.

"We have seen the claim and are investigating," said Wiebke Lips, senior manager with Adobe's corporate communications.

The hacker only released records with email addresses ending in "adobe.com," ".mil" and ".gov."

A look at the 230 records showed the full names, titles, organisations, email addresses, usernames and encrypted passwords of users in a variety of US government agencies, including the departments of Transportation and Homeland Security, the US State Department, the Federal Aviation Administration and state-level agencies, among others.

The published passwords are MD5 hashes, or cryptographic representations, of the actual plain-text passwords. It's a good security practice to only store hashes rather than the plain-text passwords, but those hashes can be converted back to their original state using free password-cracking tools and enough computing power.

Shorter passwords are easier to crack, especially if they contain no special characters and are, for example, just a word composed of lower-case letters. Many MD5 hashes that have already been reversed are available in lists freely available on the internet.

Some of the MD5 hashes released in the text file revealed simple passwords. That's particularly dangerous given that people tend to reuse passwords for other services. Hackers will typically try to use stolen credentials on sites such as Facebook and Twitter to see if they're valid.

Given that the data released on Tuesday includes names and organizations, hackers could act fast in an attempt to steal other information.

ViruS_HimA said that there's another data leak soon to be released from Yahoo.

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *