The U.S. multinational computer software company Adobe has recently suffered a serious security breach exposing the user records’ database that belongs to the company’s Creative Cloud service. The Adobe Creative Cloud or Adobe CC is a subscription service giving users, estimated around 15 million, access to the company’s full suite of popular creative software for desktop and mobile. This includes Photoshop, Illustrator, and InDesign, among many others.
Security researcher Bob Diachenko collaborated with cybersecurity firm Comparitech to uncover the unsecured Elasticsearch database belonging to the Adobe CC subscription service that was accessible to anyone without a password or authentication. The inadvertently exposed database, which has since been secured, contained personal information of nearly 7.5 million user accounts including email addresses, account creation date, product subscribed to, subscription statues, payment status, member IDs, country, time since last login, and if the user was an Adobe employee. Password and financial information like credit card numbers were not compromised though the data that was exposed is severe enough to highly target users with convincing phishing attacks. For example, fraudsters could use the information they do have to trick users into giving up additional information.
When Adobe was notified of the breach in mid-October, they immediately responded to the incident by shutting off public access to the database. The company is recommending users to be suspicious of phishing emails, and to stay vigilant for any unusual activity on any bank or credit cards. To learn more about the breach, and how to stay safe in the aftermath, visit here.