Data Loss: Adobe Hacker Says He Used SQL Injection To Grab Database Of 150, 000 User Accounts

Data Loss mailing list archives

Adobe Hacker Says He Used SQL Injection To Grab Database Of 150, 000 User Accounts

From: security curmudgeon <jericho () attrition org>
Date: Thu, 15 Nov 2012 11:58:59 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240134996/adobe-hacker-says-he-used-sql-injection-to-grab-database-of-150-000-user-accounts.html

By Kelly Jackson Higgins
Dark Reading
Nov 14, 2012

Adobe today confirmed that one of its databases has been breached by a 
hacker and that it had temporarily taken offline the affected 
Connectusers.com website.

The attacker who claimed responsibility for the attack, meanwhile, told 
Dark Reading that he used a SQL injection exploit in the breach.

Adobe's confirmation of the breach came in response to a Pastebin post 
yesterday by the self-proclaimed Egyptian hacker who goes by "ViruS_HimA." 
He says he hacked into an Adobe server and dumped a database of 150,000 
emails and passwords of Adobe customers and partners; affected accounts 
include Adobe employees, U.S. military users including U.S. Air Force 
users, and users from Google, NASA, universities, and other companies.

The hacker, who also goes by Adam Hima, told Dark Reading that the server 
he attacked was the Connectusers.com Web server, and that he exploited a 
SQL injection flaw to execute the attack. "It was an SQL Injection 
vulnerability -- somehow I was able to dump the database in less requests 
than normal people do," he says.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.

By Date By Thread

Current thread:

Adobe Hacker Says He Used SQL Injection To Grab Database Of 150, 000 User Accounts security curmudgeon (Nov 15)