Oops — Adobe leaves 7.5 million Creative Cloud accounts exposed
Last Updated on by Segun Ayo
Earlier this month, Adobe was the victim of a serious security incident that exposed the personal information of nearly 7.5 million users belonging to the company’s popular Creative Cloud service.
Per security firm Comparitech, the software giant left an Elasticsearch server unsecured that was accessible on the web without any password or authentication. The leak, which was discovered on October 19, was plugged on the same day by Adobe upon alerting the company.
“Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability,” Adobe said.
The exposed database included details like email addresses, account creation dates, subscribed products, subscription statuses, payment statuses, member IDs, country of origin, time since last login, and whether they were Adobe employees.
With an estimated 15 million subscribers, Adobe Creative Cloud is a monthly subscription that gives users access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and many others.
Although there were no passwords or financial information in the database, the consequence of such exposure is the increased possibility of targeted spear-phishing attacks.
“Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example,” the company said.
The incident is not the only time instances of leaky servers have drawn headlines. In recent months, Ecuadorian and Russian citizens, and US government personnel have had their personal info left unprotected on Elasticsearch servers, underscoring that there’s still a long way to go when it comes to cloud security.