Adobe exposes 7 million Creative Cloud accounts online
Creative software giant Adobe has issued a security notice confirming the embarrassing exposure of over 7 million user accounts, potentially leaving users vulnerable to phishing scams.
On Friday, an Adobe blog entry titled “Security Update” disclosed that a misconfigured “environment” led to the exposure of customer information. The full announcement reads:
“At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.
The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.
We are reviewing our development processes to help prevent a similar issue occurring in the future.”
The announcement is short on details. However, a report by Comparitech sheds more light on the issue. The site reportedly made the discovery in partnership with security researcher Bob Diachenko, who immediately notified Adobe. The company patched the flaw the same day (October 19).
The exposed Elasticsearch database held close to 7.5 million Creative Cloud user accounts and could be accessed without a password or any other authentication. It is estimated that the database exposed user data for about a week â€“ plenty of time for someone to exfiltrate the data and use it in phishing scams and fraud.
The report also mentions that, in addition to leaking emails, the exposed database held information like: account creation date; which Adobe products the user owns; subscription status; whether the user is an actual employee at Adobe; member ID; country; Time since last login; payment status. In other words, plenty of information to craft a highly-convincing phishing scam. There is no immediate indication that the exposed information has been compromised.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 28, 2021