The software company Adobe was affected by a serious security breach this month which exposed the user records’ database of the company’s popular Creative Cloud service.
Adobe Creative Cloud or Adobe CC having around 15 million subscribers, is a subscription service which provides the users access to the company’s full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more.
At the beginning of this month, security researcher Bob Diachenko collaborated with the cybersecurity firm Comparitech to reveal an unsecured Elasticsearch database belonging to Adobe Creative Cloud subscription service that was accessible to anyone without the need of a password or authentication.
The database which was exposed by accident has now been secured and it included personal information of around 7.5 million Adobe Creative Cloud user accounts.
The exposed information included the users email addresses, account creation date, the Adobe products they subscribed to, subscription status, payment status, member IDs, country, time since the last login, is the user an Adobe employee.
The misconfigured cloud database however did not include any password or financial information such as credit card numbers. The data exposed in the breach can be used against Adobe Creative Cloud users in targeted phishing attacks and scams. The hackers can disguise themselves as Adobe or a related company and trick users into giving up further details.
Diachenko discovered the exposed database and has notified Adobe immediately on October 19. The company responded to the security incident and promptly shut down the misconfigured environment.
The incident did not affect the operation of any Adobe core products or services. However, it is still not known for how long the database containing records of 7.5 million Adobe Creative Cloud users was exposed before it was discovered.
It is not known whether the database had been accessed by anyone else before being discovered by the researcher. So it is necessary that the users should be suspicious of phishing emails, as it is what the cyber criminals usually do to trick users into giving up sensitive details like passwords and financial information.
Also it is advised that the users must check their bank and payment card statements for any unusual activity and report to the bank, if found any. Adobe also offers two-factor authentication that are recommended to the users to help them secure their accounts with an additional layer of security.