Adobe investigates alleged customer data breach

The information, published on Tuesday on Pastebin, includes hashed passwords, names and email addressses

Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.

The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.

"We have seen the claim and are investigating," said Wiebke Lips, senior manager with Adobe's corporate communications.

The hacker only released records with email addresses ending in "adobe.com," ".mil" and ".gov."

A look at the 230 records showed the full names, titles, organizations, email addresses, usernames and encrypted passwords of users in a variety of U.S. government agencies, including the departments of Transportation and Homeland Security, the U.S. State Department, the Federal Aviation Administration and state-level agencies, among others.

The published passwords are MD5 hashes, or cryptographic representations, of the actual plain-text passwords. It's a good security practice to only store hashes rather than the plain-text passwords, but those hashes can be converted back to their original state using free password-cracking tools and enough computing power.

Shorter passwords are easier to crack, especially if they contain no special characters and are, for example, just a word composed of lower-case letters. Many MD5 hashes that have already been reversed are available in lists freely available on the internet.

Some of the MD5 hashes released in the text file revealed simple passwords. That's particularly dangerous given that people tend to reuse passwords for other services. Hackers will typically try to use stolen credentials on sites such as Facebook and Twitter to see if they're valid.

Given that the data released on Tuesday includes names and organizations, hackers could act fast in an attempt to steal other information.

An email request for an interview with ViruS_HimA wasn't immediately returned. The hacker wrote there's another data leak soon to be released from Yahoo.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the PC World newsletter!

Error: Please check your email address.

Tags securityAdobe Systemsdata breach

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?