Adobe Hacker Says He Used SQL Injection To Grab Database Of 150, 000 User Accounts

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240134996/adobe-hacker-says-he-used-sql-injection-to-grab-database-of-150-000-user-accounts.html

By Kelly Jackson Higgins
Dark Reading
Nov 14, 2012

Adobe today confirmed that one of its databases has been breached by a 
hacker and that it had temporarily taken offline the affected 
Connectusers.com website.

The attacker who claimed responsibility for the attack, meanwhile, told 
Dark Reading that he used a SQL injection exploit in the breach.

Adobe's confirmation of the breach came in response to a Pastebin post 
yesterday by the self-proclaimed Egyptian hacker who goes by 
"ViruS_HimA." He says he hacked into an Adobe server and dumped a 
database of 150,000 emails and passwords of Adobe customers and 
partners; affected accounts include Adobe employees, U.S. military users 
including U.S. Air Force users, and users from Google, NASA, 
universities, and other companies.

The hacker, who also goes by Adam Hima, told Dark Reading that the 
server he attacked was the Connectusers.com Web server, and that he 
exploited a SQL injection flaw to execute the attack. "It was an SQL 
Injection vulnerability -- somehow I was able to dump the database in 
less requests than normal people do," he says.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org