11-20-12 | Blog Post
On November 15th, Adobe confirmed on its blog a data breach originating on the Connectusers.com website. The hacker, who calls himself “ViruS_HimA”, took credit for the attack and, as proof, posted some of the data on Pastebin. He claims to have broken into an Adobe server and, from there, copied the information of around 150,000 users. This information includes their names, email addresses, and password hashes. The hacker said that he got this information by finding and exploiting a SQL injection hole. Adobe hasn’t verified the number of users affected at this time.
The hacker also explained that he didn’t come across any roadblocks along the way, such as a Web Application Firewall (WAF). A WAF filters out potentially dangerous HTTP requests and is an important security measure. He also mentioned that the database contained unsalted MD5 hashes that could be cracked with relative ease.
This brings up a couple of security-related tools that could be beneficial in preventing this sort of incident. One is a WAF: protecting customer data is extremely important, especially if a company has transactions happening on the site. The other is proactive monitoring with features like File Integrity Monitoring (FIM) and daily log review. Having a human review your logs increases the likelihood that, if an attacker is working to gain access to your system, the activity is caught and taken care of before data is accessed. File integrity monitoring can also help quickly catch potentially malicious behavior and send alerts so it can be resolved.