Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security IT

Hacker Grabs 150k Adobe User Accounts Via SQL Injection 64

Posted by samzenpus
from the breaking-in dept.
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. 'It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,' he says. Users passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them 'easy to crack' with freely available tools. And Adobe wasn't using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old."
This discussion has been archived. No new comments can be posted.

Hacker Grabs 150k Adobe User Accounts Via SQL Injection

Comments Filter:

The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin

Working...