Adobe Data Breach

Posted 11.20.12 by

Adobe confirmed on its blog a data breach originating on the Connectusers.com website. The hacker posted some of the data on Pastebin.

On November 15th, Adobe confirmed on its blog a data breach originating on the Connectusers.com website. The hacker, who calls himself “ViruS_HimA”, took credit for the attack, and in proof posted some of the data on Pastebin. He claims to have broken into an Adobe server, and from there was able to copy the information of around 150,000 users. This information includes their name, email addresses, and password hashes. The hacker said that he got this information by finding and exploiting a SQL Injection hole. Adobe hasn’t verified the number of users affected at this time.

The hacker explained also that he didn’t come across any roadblocks along the way, like a Web Application Firewall (WAF). A WAF would filter out HTTP requests that could be potentially dangerous, and is an important security measure. He also mentioned that the database contained unsalted MD5 hashes that could be cracked with relative ease.

Web Application Firewall

This brings up a couple security related tools that could be beneficial in preventing this sort of incident. One is the use of a WAF. Especially if a company has transactions happening on the site, protecting customer data is extremely important. The other is the use of proactive monitoring with features like File Integrity Monitoring (FIM) and daily log review. Having a human reviewing your logs increases the likelihood that if an attacker is working to gain access to your system, it can be caught and taken care of before data is accessed.  Having file integrity monitoring can also help quickly catch potentially malicious behavior and send alerts, so it can be resolved.

File Integrity Monitoring

Find out more about our Technical Security services.

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get in touch with an Otava Rep today – just provide us with a bit of information below to get started and we’ll reach out to you shortly!