Photo

Password security is only as good as the weakest link. And on Wednesday, that weak link appeared to be Adobe Systems.

A hacker who said he was Egyptian posted a message on Pastebin with links to hundreds of records that he said belonged to Adobe employees and users of the company’s software, including employees of Google, NASA and the United States military, as well as academic institutions. The hacker claimed to have pilfered the records from an Adobe server which, he said, had records for some 150,000 Adobe employees and clients.

Adobe said in a blog post that it appeared that a discussion forum for users of its Adobe Connect conferencing software had been compromised. It said it had taken the forum offline and was resetting the passwords of its users.

The records posted by the hacker contain names, job titles, company affiliation, phone numbers, e-mail addresses, usernames and passwords that have been jumbled — or what security researchers call “hashed”– using an algorithm known as MD5, a widely used tool to produce unique digital fingerprints. But hashed passwords can be easily deciphered using readily available online services.

Some of the records appeared to be outdated. One record belongs to a person named Ben Tauber who is listed as a product manager at Adobe. A glance at Mr. Tauber’s LinkedIn profile, however, shows that he left Adobe in 2010 and now works at Google.

The hacker claimed to have alerted Adobe about the breach and said he carried it out, in part, to expose the company’s slow response time. In a message alongside the data dump, he complained that it took the company five to seven days to respond to vulnerability reports and another three to four months to patch them.

“Such big companies should really respond very fast and fix the security issues as fast as they can,” he said.

The hacker warned that he was planning another data dump, this time for Yahoo.