Adobe is currently investigating reports of a compromise of a Connectusers.com forum database. These reports first started circulating late during the day on Tuesday, November 13, 2012. At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party. It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted. 

This issue only affects users who have an account on the Connectusers.com forum. Users who have not registered on this community forum will not be affected.

What is the Connectusers.com forum?

Connectusers.com is a public forum site used for individuals to discuss different topics and exchange ideas about the Adobe Connect product. It is not related to any Adobe Connect production system or any other Adobe services, and user credentials are not linked to an AdobeID.

Were the Adobe Connect Web conferencing services or other Adobe Services compromised?

It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted.

What is the extent of the compromise?

644 records were leaked by the hacker. However, the hacker claims that he accessed the entire forum database. The forum has a total of about 150,000 registered users. The records included the following:

• First Name
• Last Name
• Title (If provided by the user)
• Email
• Company (if provided by the user)
• User Name
• Hashed Password

While the leaked records included a phone number field, the phone number was generally not collected from the user.

Within the leaked records, there were .gov and .mil email address. How many .gov or .mil records have been exposed?

Out of the 644 leaked records, 442 had a .gov or .mil email address. Within the Connectusers.com database, out of 150,000 records, fewer than 700 had a .gov or .mil email address.

What steps did Adobe take to address the compromise?

Adobe first learned of the compromise late in the day on Tuesday, November 13, 2012. We immediately launched an investigation and took the following actions:

• The Connectusers.com forum site was taken offline in the evening of Tuesday, November 13, 2012.
• We reset the passwords of impacted Connectusers.com forum members and reached out to those members to alert them of the compromise.
• As a precaution, we reset the passwords for those users who were using the same email address as login credentials across multiple Adobe sites and services, including Adobe Connect. We reached out to those users impacted with instructions on how to change their passwords. Even though we do not have reason to believe any of these services were impacted, we took this step because some users may use the same or similar login credentials for multiple sites and services.
  

What has Adobe done with Connectusers.com?

We have taken down the Connectusers.com site as a precaution while we complete our investigation of this incident. We are working diligently to restore forum services as quickly as possible.

What will happen when Connectusers.com comes back online?

Immediately after temporarily suspending the Connectusers.com site, Adobe communicated directly to all impacted users that their passwords were reset by Adobe. When the site comes back online, all users of Connectusers.com will need to personally select new passwords. Further instructions will be provided directly to those users.

Is Adobe able to confirm how the attacker got in—whether it was a vulnerability in the server software?

We are still investigating how the compromise occurred.