Lost in speed
A hacker who said he was Egyptian posted a message on Pastebin with links to hundreds of records that he said belonged to Adobe employees and users of the company’s software, including employees of Google, NASA and the United States military, as well as academic institutions. The hacker claimed to have pilfered the records from an Adobe server which, he said, had records for some 150,000 Adobe employees and clients.
Adobe said in a blog post that it appeared that a discussion forum for users of its Adobe Connect conferencing software had been compromised. It said it had taken the forum offline and was resetting the passwords of its users.
The records posted by the hacker contain names, job titles, company affiliation, phone numbers, e-mail addresses, usernames and passwords that have been jumbled — or what security researchers call “hashed”– using an algorithm known as MD5, a widely used tool to produce unique digital fingerprints. But hashed passwords can be easily deciphered using readily available online services.
The hacker claimed to have alerted Adobe about the breach and said he carried it out, in part, to expose the company’s slow response time. In a message alongside the data dump, he complained that it took the company five to seven days to respond to vulnerability reports and another three to four months to patch them.
“Such big companies should really respond very fast and fix the security issues as fast as they can,” he said.
The hacker warned that he was planning another data dump, this time for Yahoo.
Hacker Claims to Have Breached Adobe - NYTimes.com