14 Nov 2012

Adobe Investigating Possible Leak of 150,000 Customer Database

A self-proclaimed Egyptian hacker named “ViruS_HimA”, claims to have breached an Adobe server and downloaded a customer database of more than 150,000 records.

Posting the hack on PasteBin, ViruS_HimA released only 230 names, email addresses, and encrypted passwords to back the validity of the attack. Containing email addresses of users from various US government agencies, including Homeland Security, the US State Department, and the Federal Aviation Administration, the data breach is under investigation by Adobe.

"We have seen the claim and are investigating," said Wiebke Lips, senior manager with Adobe's corporate communications.

Although the published passwords are MD5-encrypted, or cryptographic representations, they can still be converted back to plain-text by using password-cracking tools and proper computing power. Since most users have the same password on multiple accounts, they’ll typically try to connect to a victims’ Twitter or Facebook account by using the leaked password.

Only releasing email addresses ending with "adobe.com", ".mil" and ".gov”, the rest of the database could contain other similar addresses that are be at risk.

ViruS_HimA claims that another leak from Yahoo will be following soon, although no specific deadline was mentioned.