An Egyptian hacker named ViruS_HimA hacked into Adobe servers and leaked private data. The hacker claims to have breached Adobe servers, gaining full access and dumping the entire database, with more than 150,000 emails and hashed passwords of Adobe employees and of customers/partners of the firm such as the US Military, USAF, Google, NASA, DHL and many other companies.
The leaked file contains the following information for each account:
- Firstname
- Lastname
- Title
- Phone
- Company
- Username
- Password hash
The hacker declares that his intent was far from destroying the company's business, which is why he posted only leaked data related to Adobe and belonging to the domains "*.mil" and ".gov".
What is the motivation of the attack?
The attack has no political motivation. ViruS_HimA wants to demonstrate that although Adobe is one of the most important companies in the IT landscape, it lacks proper security defenses. For the same reason the hacker announced that the next target will be Yahoo.
The hacker specifically addresses the company's latency in responding to vulnerabilities: patch management takes too long, and the time from the report of a vulnerability to its fix may be many months.
"When someone reports a vulnerability to them, it takes 5-7 days for the notification that they've received your report!! It even takes 3-4 months to patch the vulnerabilities! Such big companies should really respond very fast and fix the security issues as fast as they can."
"Don't be like Microsoft, Yahoo security teams!! but be like Google security team", quoted from Hima.
I don't know exactly the response time of Adobe, but I agree with the hacker: overly long response times have already caused many security problems in the past. Let's recall, for example, what happened with the Oracle Java vulnerabilities, fixed on Mac systems months after their discovery.
Response time and incident response procedures are crucial factors in managing vulnerabilities and restoring compromised systems.
The evidence of the attack
The hacker has posted an image of the .CSV file containing the data, informing readers that there was no EXIF (Exchangeable Image File) data to trace him: http://i47.tinypic.com/2s6pjfa.jpg
The hacker also posted the leaked
data at the following URL
Meanwhile the official communication
has been posted on PasteBin ( http://pastebin.com/Bf9uv4hR ). We await
an official statement from Adobe on the event.
We came to know that the hacker was able to upload a PHP shell to the Adobe website (maybe using an LFI) and then looked for the database configuration file to get credentials. After that, the hacker got into the database server and exported the complete database.
Update: In a blog post, Adobe confirmed that the forum of their "Adobe Connect conferencing service", http://connectusers.com/, was compromised and that this database actually belongs to that forum only. Adobe also confirmed that it does "not appear that any other Adobe services" were affected.
For security reasons, the Adobe team put http://connectusers.com/ into maintenance mode and is fixing the issue. "We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored."