Adobe is currently investigating reports of a compromise of a Connectusers.com forum database. These reports first started circulating late during the day on Tuesday, November 13, 2012. At this point of our investigation, it appears that the Connectusers.com forum site was compromised by an unauthorized third party. It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted.
This issue only affects users who have an account on the Connectusers.com forum. Users who have not registered on this community forum will not be affected.
Connectusers.com is a public forum site used for individuals to discuss different topics and exchange ideas about the Adobe Connect product. It is not related to any Adobe Connect production system or any other Adobe services, and user credentials are not linked to an AdobeID.
It does not appear that any other Adobe services, including the Adobe Connect conferencing service itself, were impacted.
644 records were leaked by the hacker. However, the hacker claims that he accessed the entire forum database. The forum has a total of about 150,000 registered users. The records included the following:
While the leaked records included a phone number field, the phone number was generally not collected from the user.
Out of the 644 leaked records, 442 had a .gov or .mil email address. Within the Connectusers.com database, out of 150,000 records, fewer than 700 had a .gov or .mil email address.
Adobe first learned of the compromise late in the day on Tuesday, November 13, 2012. We immediately launched an investigation and took the following actions:
We have taken down the Connectusers.com site as a precaution while we complete our investigation of this incident. We are working diligently to restore forum services as quickly as possible.
Immediately after temporarily suspending the Connectusers.com site, Adobe communicated directly to all impacted users that their passwords were reset by Adobe. When the site comes back online, all users of Connectusers.com will need to personally select new passwords. Further instructions will be provided directly to those users.
We are still investigating how the compromise occurred.