An Egyptian hacker claims to have breached one of Adobe’s servers and gotten his hands on a database containing over 150,000 records belonging to Adobe’s customers.
For the time being, he leaked only a text document containing 202 complete records of Adobe employees and 230 of users employed by the US military, government, NASA and a number of educational institutions.
The records contain names, titles, company, phone numbers, email addresses, usernames and MD5 hashes of passwords, which are easily changed back to their plain-text state by using one of the many password cracking tools out there.
In fact, some of the more simple passwords can be found out by simply employing free online MD5 crackers, which have at their disposal immense databases of hashes to compare these hashes with.
I’ve tried to put the hashes into one of these crackers and received back passwords such as “Adobe”, “sesame”, “studyhard”, and a variety of first names, but many of the passwords were more complex.
Adobe has confirmed that it has mounted an investigation into the matter but is yet to confirm or repudiate the hacker’s claims. In the meantime, I’m sure they have reset the leaked passwords if they indeed belonged to their customers.
But the real problem with leaks such as these is that people are prone to reusing passwords for different accounts – even for the most important ones such as email or social media accounts.
You can be sure that there are hackers out there right now trying out the leaked login credentials on a variety of online services.
In the meantime, the hacker has shared that he will be contacting Adobe’s Security Team – he claims the leak is just a way to make them patch holes faster – and has announced a leak of data belonging to Yahoo.