Adobe left data of 7.5 million users publicly accessible
Last week, information security specialist Bob Diachenko from Security Discovery and CompariTech journalist Paul Bischoff discovered a publicly accessible Elasticsearch database. The Adobe-owned database had simply been left without password protection.
The database contained information about the accounts of 7.5 million Adobe Creative Cloud users. “We do not know when, exactly, the database first appeared, but Diachenko estimates it was exposed for about a week. We do not know whether anyone else gained unauthorized access to the database in the meantime”, writes Paul Bischoff.
Fortunately, the leak did not affect passwords or financial information: the database held email addresses, Adobe IDs (user names), the user’s country of residence, and which Adobe products they use. In addition, the database contained the account creation date, the date of the last login, the subscription and payment status, and a flag indicating whether the account belonged to an Adobe employee.
Diachenko and Bischoff notified Adobe of the leak on October 19, 2019, and the company fixed the problem the same day.
Although the unsecured database did not contain financial or other highly confidential user details (for example, names), attackers can still use it to send spam and mount phishing attacks. For example, owners of premium Adobe accounts could become targets, with phishing aimed at hijacking Creative Cloud accounts for subsequent resale.
Adobe representatives have already acknowledged responsibility for the incident and said they will review their development processes.
“Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future”, Adobe said in a statement.
Adobe Creative Cloud is a subscription service that gives users access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and many more. Adobe replaced its single-purchase, perpetual license model with the cloud subscription model in 2013.
By some estimates, Creative Cloud has approximately 15 million subscribers.