Hacker made public that Adobe stolen 150 thousand items including customer information and password

Photo by @ matylda

Self-contained Egyptian hacker "ViruS_HimAIt is obvious that over 150,000 data including the mail address, passwords etc. of the US Army, Air Force, NASA, Google and other partners and customers were stolen by a person who claimed that Adobe's database was hacked by someone named him. became. This is revealed by Hacker himself, but this hacker does not intend to release all the information on the net, but comments that I want you to review Adobe's security system.

Adobe data leak by Virus_Hima - Pastebin.com
http://pastebin.com/Bf9uv4hR


Adobe investigating customer data breach by hacker 'ViruS_HimA' - Techworld.com
http://news.techworld.com/security/3410894/adobe-investigating-customer-data-breach-by-hacker-virushima/


Adobe Hacker Says He Used SQL Injection To Grab Database Of 150,000 User Accounts - Dark Reading
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240134996/adobe-hacker-says-he-used-sql-injection-to-grab-database-of-150-000-user-accounts.html


The attacker named himself "ViruS_HimA" and he self-named it as an Egyptian hacker, but since he also writes "I was born in 1337: P", it is unknown whether it is really an Egyptian.

This self-proclaimed Egyptian hacker HimA,SQL injectionTo break into Connectusers.com which is a server of web conferencing software "Adobe Connect". With full access right, we have received more than 150,000 customer personal information including server e-mail address and password from Adobe and "Adobe Employee" "American Army" "American Air Force" "Google" "NASA" "edu Participants' information (including the email address and password here) such as stolen.

According to HimA, "I'm not going to hurt Adobe's business" and I do not intend to disclose customer personal information, but since the mail address (@) is "adobe.com" " * .mil "and" *. Gov "are going to be released with screenshots as proof of hacking.

Part of the data actually released by HimA as a sample. As you can see, it seems that it seems that you get information on Adobe, US military, government officials, and so on.


Regarding the reason for hacking, Adobe is a very big company, so even if we receive vulnerability reports due to security issues it took 5-7 days to notify, it took 3-4 months to actually respond , It is said that if you are a major company you should react more quickly and resolve as soon as possible. HimA commented, "Do not be like Microsoft's and Yahoo's security team, it should be like Google's security team."

Guillaume Privat Director of Adobe Connect acknowledges that this hacking is the fact and is advancing the password reset strategy about the affected account.

Security researcher Tal Beery investigated the published part of the list and found that the person who has already retired from Adobe is still in office and that he / Because we see differences, I guess that the database being hacked is older than the database being hacked.

HimA concludes that "criminal statement" is "next is Yahoo!", and it is expected that similar activities will continue in the future.