Adobe investigates alleged customer data breach
The information, published on Tuesday on Pastebin, includes hashed passwords, names and email addressses
IDG News Service - Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.
The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.
"We have seen the claim and are investigating," said Wiebke Lips, senior manager with Adobe's corporate communications.
The hacker only released records with email addresses ending in "adobe.com," ".mil" and ".gov."
A look at the 230 records showed the full names, titles, organizations, email addresses, usernames and encrypted passwords of users in a variety of U.S. government agencies, including the departments of Transportation and Homeland Security, the U.S. State Department, the Federal Aviation Administration and state-level agencies, among others.
The published passwords are MD5 hashes, or cryptographic representations, of the actual plain-text passwords. It's a good security practice to only store hashes rather than the plain-text passwords, but those hashes can be converted back to their original state using free password-cracking tools and enough computing power.
Shorter passwords are easier to crack, especially if they contain no special characters and are, for example, just a word composed of lower-case letters. Many MD5 hashes that have already been reversed are available in lists freely available on the internet.
Some of the MD5 hashes released in the text file revealed simple passwords. That's particularly dangerous given that people tend to reuse passwords for other services. Hackers will typically try to use stolen credentials on sites such as Facebook and Twitter to see if they're valid.
Given that the data released on Tuesday includes names and organizations, hackers could act fast in an attempt to steal other information.
An email request for an interview with ViruS_HimA wasn't immediately returned. The hacker wrote there's another data leak soon to be released from Yahoo.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts