Establishing Digital Trust: Don't Sacrifice Security for Convenience
Adobe recently took its Connectusers.com forum offline following a data breach.
"At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party," Adobe's Guillaume Privat wrote in a blog post. "It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted."
"On Tuesday, a hacker named 'ViruS_HimA' claimed that he hacked into 'one of Adobe's servers' and copied a database containing email addresses, password hashes and other information of over 150,000 Adobe customers, partners and employees," writes Computerworld's Lucian Constantin.
"This was accompanied by a series of links to several websites hosting a file containing 230 records that reportedly feature the names, email addresses, usernames and encrypted passwords of people from several US government agencies," writes IT PRO's Caroline Donnelly.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The hacker said his motive for the attack was that Adobe doesn't take proper care of its security issues," writes The Inquirer's Lee Bell. "'When someone reports vulnerability to them, it take 5-7 days for the notification that they've received your report,' Virus_Hima said in the post. 'It even takes 3-4 months to patch the vulnerabilities.'"
"The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack," writes Dark Reading's Kelly Jackson Higgins. "'It was an SQL Injection vulnerability -- somehow I was able to dump the database in less requests than normal people do,' he says."
"ViruS_HimA may not be finished, though," writes PCMag.com's Stephanie Mlot. "The hacker warned that a Yahoo leak will be coming soon. 'It gonna be very hot leak,' the Pastebin document said."