



This morning I received the news of new attacks against Adobe: an Egyptian hacker named ViruS_HimA hacked into Adobe servers and leaked private data.



The hacker claims to have breached Adobe servers, gaining full access and dumping the entire database, with more than 150,000 emails and hashed passwords of Adobe employees and of customers and partners of the firm such as the US Military, USAF, Google, NASA, DHL and many other companies.

For each account, the leaked file contains the following information:

Firstname

Lastname

Title

Phone

Email

Company

Username

Password hash

The hacker declared that his intent was not to destroy the company's business, which is why he posted only the leaked data related to Adobe and belonging to the "*.mil" and ".gov" domains.





What is the motivation for the attack?

The attack has no political motivation; ViruS_HimA wants to demonstrate that although Adobe is one of the most important companies in the IT landscape, it lacks proper security defenses. For the same reason the hacker announced that the next target will be Yahoo.





The hacker specifically criticizes the company's latency in responding to vulnerability reports: patch management takes too long, and many months may pass between the report of a vulnerability and its fix.





"When someone reports a vulnerability to them, it takes 5-7 days for the notification that they've received your report!! It even takes 3-4 months to patch the vulnerabilities! Such big companies should really respond very fast and fix the security issues as fast as they can.





"Don't be like Microsoft, Yahoo security teams!! but be like Google security team" Quoted from Hima.

I don't know exactly the response time of Adobe, but I agree with the hacker: overly long response times have already caused many security problems in the past. Let's recall, for example, what happened with the Oracle Java vulnerabilities fixed on Mac systems months after their discovery.





Response time and incident response procedures are crucial factors in managing vulnerabilities and restoring compromised systems.





The evidence of the attack

The hacker has posted an image of the .CSV file containing the data, informing readers that it carried no EXIF (EXchangeable Image File) data that could be used to trace him: https://i47.tinypic.com/2s6pjfa.jpg





The hacker also posted the leaked data at the following URL