Adobe suffered a serious security snafu earlier this month when security researcher Bob Diachenko, in collaboration with cybersecurity and privacy advocacy firm Comparitech, discovered an exposed database belonging to the company’s popular Creative Cloud subscription service. The records were accessible to anyone and did not require a password.
Thankfully, users’ passwords and payment details were not kept among the data that was exposed. However, a laundry list of personal information belonging to nearly 7.5 million Adobe Creative Cloud users was accessible via the database. This included:
- Email addresses
- Account creation date
- Which Adobe products they use
- Subscription status
- Whether the user is an Adobe employee
- Member IDs
- Time since last login
- Payment status
While the information itself was not sensitive, Comparitech says this degree of personal information can leave the affected users susceptible to highly targeted phishing attacks: scam emails that ‘fish’ for your credit card information or log-in credentials by posing as an official company.
Diachenko notified Adobe of the breach on October 19, and the company secured the data on the same day. It’s unclear how long the database was exposed before Diachenko discovered it, though he estimates it could have been a week. It’s also unknown if it had been accessed by nefarious actors before it was found, so Adobe Creative Cloud users should beware of any suspicious emails that claim to be from Adobe and ask for their credentials or any other sensitive information.
Adobe has not provided any comment on the incident at the time of writing.