Adobe has shuttered a customer information sharing website temporarily after being informed that it was compromised by hackers. News of the intrusion surfaced late Tuesday, when a hacker claiming to be from Egypt took credit for the hack and proved it by releasing 644 records from the site, including emails. He said that the release was done to prove that Adobe is slow in fixing security issues with sites and products it releases.
The Adobe breach comes a week after Group-IB said it had uncovered a flaw in Adobe Reader capable of executing arbitrary code with the help of malicious PDF files using specially-crafted forms. Adobe claims to be investigating the hack, which is allegedly available on the black market for approximately $50,000.
Adobe said that its Connect web conferencing service and all other company sites were not breached. It is planning on resetting the passwords of the 150,000 members of support site connectusers.com.
The incident is the second major security problem involving Adobe this year. This summer, an internal digital code signing server was hacked by “sophisticated threat actors” focusing on Adobe. The early-July hack, publicly announced two months later, created a minimum of two malicious certificate files that were digitally signed and authenticated as Adobe genuine software.
