Adobe data breach exposed almost 7.5 million Creative Cloud accounts to the public

Oct 26, 2019

Dunja Djudjic

Dunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.


Adobe was recently hit with a massive data breach, exposing nearly 7.5 million Creative Cloud accounts to the public. Reportedly, a database containing sensitive user info was easily accessible to anyone through a web browser.

According to Mashable, security researcher Bob Diachenko and Comparitech were the first to discover the database. It contained the data for almost 7.5 million Creative Cloud accounts, including the following: email addresses, the Adobe products they are subscribed to, account creation date, subscription and payment status, local time zone, member ID, time of the last login, and whether they were an Adobe employee.

Comparitech claims that Diachenko discovered the open database on 19 October and reached out to Adobe immediately. Adobe acted promptly to address the issue and secured the database on the same day. After securing the database, Adobe issued a statement regarding the data breach:

“At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.

Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.

The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.

We are reviewing our development processes to help prevent a similar issue occurring in the future.”

Diachenko believes the data was left exposed for about a week, according to Mashable. However, it’s just an assumption. It’s not clear when the database first became publicly accessible or if there was any unauthorized access before it got secured.

Luckily, no passwords or credit card numbers were listed in the breached database. However, the other personal data can still be misused and used for phishing scams. Therefore, be sure to pay attention to any suspicious emails in the future that claim to be from Adobe or their employees and be careful with whom you share any personal information or details about your CC subscription.

[via Mashable]


24 responses to “Adobe data breach exposed almost 7.5 million Creative Cloud accounts to the public”

  1. Clarence Hemeon

    Thanks for the info.

  2. Darla St Clair Sycamore

    Thanks

  3. Alexander Klarmann

    …again? Didn’t they learn from the last massive breach…

    1. Michele Peterson

      This is why I have 59 email accounts. If my Adobe account starts spewing spam, I’ll kill it and put Adobe on a new account. That way no other accounts will be hacked.

    2. Alexander Klarmann

      Michele Peterson Yeah well I can easily use an alias and kill it again, but that isn’t the point. Sensible data needs responsible behaviour on the side that wants me to trust it with that.

  4. Alexandru Busuioceanu

    again?!

  5. Stefan Kohler

    I don’t care that much about these data breaches.
    But it made me think…

    7.5 million accounts … with roughly $10 per subscription, it’s 75 Million USD per month. It should be possible to hire a few beta testers and provide new versions that don’t turn your computer into a completely useless piece of electronics.

    Just sayin’.

    1. Christian Beinhölzl

      Stefan Kohler the question is how many of these accounts are still active. OK even if it’s 10 % it’s still 7.5 mills a month…

      1. Piotr

        Even if they are no longer active, you can run a phishing campaign using that data, along the lines of “Your subscription has been renewed, if this is a mistake cancel using this link within 24 hours” and then show a “please update your billing information to proceed” type form.

        But depending on how they define “Creative Cloud Account”, the breach might also include dummy accounts without an active subscription from people who were forced into signing up for an Adobe ID when downloading Adobe Reader so Adobe could spam them with email marketing.

        But what worries me more than the data leaked in the actual breach is how they could be so unprofessional as to use real live customer data in a “prototype environment”. That’s the equivalent of testing if the insulation material used in your house is fireproof by setting your actual house on fire instead of trying with a small material sample.

    2. Piotr

      $10 is just for the photography bundle, most people (me included) are actually paying them a lot more than $10 a month.

      That being said, Photoshop, despite all its bloat, is one of the most stable and bug-free pieces of software for me. I couldn’t say the same about LR Classic or Premiere, though.

    3. JarFil

      Adobe is a publicly traded company, you can check their financial reports. They’re making closer to $250M/month.

      https://news.adobe.com/press-release/corporate/adobe-reports-record-revenue-8

  6. Bob Harris

    Thanks for notifying me Adobe. Why couldn’t I hear it from you versus seeing it on Facebook?

  7. Piotr

    That’s not the first time something like this happens, they also had a breach a few years ago where massive amounts of credit card numbers (mine included) were leaked. From an IT security point of view, it’s only a matter of time until photos stored in the Lightroom cloud service or files uploaded using the CC File Sync and CC Libraries feature will be leaked.

    I think only few photographers and other creatives are aware of the risk that using services like these brings (not just Adobe’s). Imagine a photographer in a market like boudoir having to explain to their clients why their personal photos are suddenly being passed around publicly on the internet without any way to ever remove them.

    The trouble is, Adobe’s newer software more and more starts leaving out support for local workflows. For instance, LR Mobile can’t be used with images on a NAS via WiFi or VPN, only with the Adobe cloud. That’s convenient and simple for a hobbyist, but unacceptable for most professional photographers that are liable for anything that happens with their clients’ photos.

    1. Renlish

      “Imagine a photographer in a market like boudoir having to explain to their clients why their personal photos are suddenly being passed around publicly on the internet without any way to ever remove them.”

      This is actually an old issue that has been happening for ages. Because many photographers are STUPID and use clients’ names as passwords or use extremely easy passwords to guess – like “welcome123” or “yourphotos123”. I used to trawl a forum that linked to “passworded” directories on hosted sites like SmugMug, Squarespace and Wix, not to mention the photographers’ own private websites. I spent a couple hours a week emailing photographers examples. None of them knew just how badly they’d let their clients down when it came to privacy. Now I just sit back and wait for the lawsuits to be reported.

      1. Piotr

        If that’s true, it would explain why Adobe doesn’t care about providing cloud-less workflows for LR mobile – apparently most of their users don’t care about these things either, at least not until everything comes crashing down on them, at which point Adobe will then probably start to play catch up. I mean, apparently they are not even using end to end encryption on LR Mobile photos.

        Since it’s only account metadata that was leaked this time, we’ll have to wait a bit longer for the big bang. Hopefully it’ll happen sooner than later. But by that time we will probably have alternatives from Serif, Luminar etc. anyway. Phase One with Capture One has unfortunately been awfully quiet about tablet versions that go beyond just looking at photos with Capture Pilot.

  8. Sergi Yavorski

    Since when have hackers become the public?

  9. Anthony Woodruffe

    I had to change my credit card last time because of these fudge nuggets…
    That’s it I’m getting Affinity. Adobe can die for all I care.

    1. Burt Johnson

      Well, you better get rid of all your cards and go cash then. Doesn’t matter where you use your card, it is always possible to be stolen. Ain’t no such thing as a truly hack-proof system.

  10. Burt Johnson

    This is going to happen everywhere. There is no assurance anywhere online is safe. It is an arms race, and as soon as the defense improves, so do the weapons to break through.

    Simply live accordingly. Use good passwords, and vary between online sites. Then, when one gets broken through, it doesn’t give the thieves access to others.

  11. Marko

    yet, when trying to delete my credit card info from their records, it is impossible. You have to call support, that according to some can take long to get through, and ask them to do so. Why?

    I can take my credit card number from any other service but Adobe does not let you. Bad business practice.

    1. ditoiuc

      I use Revolut for online payments. You can generate a virtual credit card (VISA), use it and destroy it.

      1. Marko

        Good to know. I will give it a look. Thanks.

  12. Freelance cameraman China/HK

    There is no privacy on the internet.
    It’s just someone else’s computer.
    One day or another, it will be out for all to see.

  13. jason bourne

    Just another reason to avoid using software that’s cloud-based.