Adobe has admitted that some Creative Cloud customer information — 7.5 million records, according to the researchers who stumbled upon the data — was exposed recently due to a misconfiguration.
Researcher Bob Diachenko and Comparitech reported last week that they had identified an unprotected Elasticsearch database — the database was accessible without a password — storing Creative Cloud customer information.
The database contained email addresses and other account information, including account creation date, Adobe products used, subscription status, member ID, country, payment status, and time since last login. However, passwords or payment information were not exposed.
It’s unclear how many users were affected, but Comparitech and Diachenko reported counting 7.5 million records in the exposed database.
“The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example,” Comparitech said in a blog post.
The exposed data was discovered on October 19 and Adobe took steps to secure the database on the same day.
Adobe confirmed the incident and said it was related to one of its “prototype environments.”
“The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” Adobe said.
The company added, “We are reviewing our development processes to help prevent a similar issue occurring in the future.”
This was not the only significant data exposure uncovered recentl ..
Support the originator by clicking the read the rest link below.
