PR Newswire breach linked to Adobe exploit

Posted on Oct 22, 2013

Image from http://www.dataprivacynetwork.com

In a previous blog post, I discussed the data breach at Adobe Systems from earlier this month. That breach exposed the personal information of 2.9 million customers and the source code of major Adobe products such as Adobe Acrobat, ColdFusion and others. From the recent revelations made by KrebsOnSecurity, it looks like the same hacker group was responsible for the security breach at press release distribution service PR Newswire. The hackers managed to steal a database containing usernames and encrypted passwords from PR Newswire. The stolen data was found on the same hacker server where the stolen Adobe source code was found recently.

According to a blog post by Hold Security, the same group of cybercriminals was responsible for data breaches at Dun and Bradstreet, LexisNexis and Kroll Background America. The PR Newswire archive that was found on the hacker’s server appears to be from March 8th, 2013; however, it is still unclear whether the hack happened on the same date or later, because the archive was created on April 22nd. Hold Security worked with independent journalist Brian Krebs, who alerted PR Newswire to the security breach.

PR Newswire notified Krebs that there were approximately 10,000 user records in the compromised database, but the number of affected users might be lower because people generally maintain multiple accounts. The company said in a recent statement that it is “conducting an extensive investigation” into the breach, and from the preliminary investigation it looks like customer payment data was not compromised as a result of the attack.

“We recently learned that a database, which primarily houses access credentials and business contact information for some of our customers in Europe, the Middle East, Africa and India, was compromised. We are conducting an extensive investigation and have notified appropriate law enforcement authorities. Based on our preliminary review, we believe that customer payment data were not compromised.

As a precautionary measure, we have implemented a mandatory password reset for all customers with accounts on this database. As a general practice, we recommend that our customers use strong passwords and regularly update them, not just on PR Newswire but on any website requiring login credentials. From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information.”

If the passwords were cracked, it might have been possible for the hackers to upload false earnings warnings or similar fake news in order to manipulate stock prices and profit from the resulting confusion. However, nothing like this has happened so far. Another interesting thing revealed by this hack was an attack based on ColdFusion exploits. It seems that earlier this year an attack based on ColdFusion exploits was launched against multiple PR Newswire networks. The security breach might be the result of that attack. There is a parallel between the Adobe and PR Newswire data breaches, as in both cases the hackers targeted vulnerabilities in the ColdFusion web application development platform.

Image from http://informationsecurityhq.com

In response to the data breach, the company has implemented a mandatory password reset for its customers because the database containing encrypted user passwords was stolen. The passwords were hashed, so it is difficult to reverse them and retrieve the original plaintext. But the hash can be used to validate information entered at a later time by rehashing it and comparing the results. However, some hashes can be cracked using brute-force attacks. The only way to resist such attacks is to create strong, hard-to-crack passwords and to use complex hashing algorithms and other strengthening methods such as salts. Therefore it is always good practice to use strong passwords (at least 8 characters long and a combination of letters, numbers and special characters). If a password or password hash is stolen, account owners should change the passwords for all websites where they might have used them.

Ninan Chacko, PR Newswire’s CEO, said that “as a general practice, we recommend that our customers use strong passwords and regularly update them, not just on PR Newswire but on any website requiring login credentials.”

SpiderOak Blue for Enterprises:

Finding a truly secure third-party cloud service can be a challenge, as many services on the market have security gaps that leave private data vulnerable to third-party attacks. One cloud storage and sync service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. You can sign up for this product now.

SpiderOak Blue protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private as unreadable blocks of data. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.


