Adobe exposed personal data of 7.5 million Creative Cloud users in unsecured database
The personal data of nearly 7.5 million Adobe Creative Cloud users was exposed earlier this month when an unsecured database was discovered online.
The database, which could be accessed by anyone without the need for a username or password, included information such as email addresses, member IDs and payment status. People accessing the database were also able to see which Adobe products were used by individuals, the country they live in, and whether they are Adobe employees.
- Adobe issues patches to fix scores of bugs in Adobe Acrobat and Reader, plus other software
- US sanctions force Adobe to close down user accounts in Venezuela with no refunds
- Twitter reveals 2FA security data has 'inadvertently been used for advertising purposes'
Comparitech worked with security researcher Bob Diachenko and determined that the database had been available online for at least a week. Diachenko notified Adobe about the discovery on October 19, and the company responded very quickly, securing the database the very same day.
The full list of data exposed in the leaky Elasticsearch database is as follows:
- Email addresses
- Account creation date
- Which Adobe products they use
- Subscription status
- Whether the user is an Adobe employee
- Member IDs
- Time since last login
- Payment status
While the exposed data was not particularly sensitive, it still placed Adobe customers at risk, as Comparitech explains:
The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.
The information does not pose a direct financial or security threat. No credit cards or other payment information was exposed, nor were any passwords.
Although we know from Comparitech that the database has now been secured, Adobe has not yet offered any comment on the incident.