In a post on PasteBin on Tuesday, self-proclaimed Egyptian hacker ViruS_HimA claimed to have stolen information, including names, email addresses and encrypted passwords, from Adobe’s servers.
The hacker, who claimed that the accessed database held more than 150,000 records, wrote that the data included information on Adobe’s employees, customers and partners, including the US military, US Air Force, Google and Nasa.
However, the hacker said that they were "not looking to ruin Adobe business", choosing instead just to leak emails ending in adobe.com, .mil and .gov.
In a statement to Macworld on Wednesday, Adobe confirmed that it was looking into the breach. "We have seen the claim and are investigating," said Wiebke Lips, senior manager in Adobe’s corporate communications division.
In the PasteBin post, the hacker, who said that Yahoo would be the next target, criticised Adobe’s security measures.
"Adobe is a very big company but they don’t really take care of them [sic] security issues," the post read, adding that Adobe takes five to seven days before responding when notified of security vulnerabilities, and three to four months to patch them.
"Such big companies should really respond very fast and fix the security issues as fast as they can," the hacker wrote. "Don’t be like Microsoft, Yahoo security teams, but be like Google security team."
Update: In a blog post late Wednesday, Adobe confirmed that it had closed its Connectusers.com website on Tuesday after its forum database had been breached.
"At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party," wrote Guillaume Privat of Adobe’s Connect product management and marketing division.
"It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted. We are in the process of resetting the passwords of impacted Connectusers.com forum members and will reach out to those members with instructions on how to set up new passwords once the forum services are restored," he wrote.
In September, Adobe admitted that it was the victim of hackers who breached the company’s code signing systems, which they used to sign malware with a valid digital certificate.
"We recently received two malicious utilities that appeared to be digitally signed using a valid Adobe code signing certificate," wrote Brad Arkin, engineering senior director at Adobe Systems.
"The discovery of these utilities was isolated to a single source. As soon as we verified the signatures, we immediately decommissioned the existing Adobe code signing infrastructure and initiated a forensics investigation to determine how these signatures were created," he added.