Adobe has confirmed that one of its websites, the Connectusers.com forum, has been compromised. An Egyptian hacker going by the name of ViruS_HimA has taken credit for the attack.“Adobe is currently investigating reports of a compromise of a Connectusers.com forum database. These reports first started circulating late during the day on Tuesday, November 13, 2012,” Guillaume Privat, the director of Adobe Connect, explained.
“At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party. It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted.”
As a result of the incident, the Connectusers.com forum has been taken offline. Furthermore, the passwords of affected users are being reset.
They will receive instructions on how to set up a new password once the forum services are back online.
The individual responsible for the hack claims that he is in the possession of 150,000 account details, although he has published only a few hundred of them.
Experts from security firm Sophos analyzed the leaked passwords before Adobe admitted to having suffered a breach.
They’ve highlighted the fact that the passwords are only hashed by using the MD5 algorithm, which is known to be weak. Furthermore, the hashes aren’t even salted, which allows almost anyone to decrypt the information and obtain the passwords in clear text.
“Cracking this latest password list yields up the words breeze and connect (Adobe product names) four times each. Other repeated passwords include the what-were-they-thinking-of choices 123456, letmein and welcome,” Sophos’ Paul Ducklin wrote in his analysis.
“A few users tried to mix it up a bit: c0ffee introduced a numeric character and Hello! included both upper case and punctuation. But modern password crackers don't even break their stride to figure out that sort of permutation.”
At the time of writing, Connectusers.com was still unavailable.