Adobe was recently hit with a massive data breach, exposing nearly 7.5 million Creative Clouds accounts to the public. Reportedly, a database containing sensitive user info was easily accessible to anyone through a web browser.
According to Mashable, security researcher Bob Diachenko and Comparitech were the first to discover the database. It contained the data for almost 7.5 million Creative Cloud accounts, including the following: email addresses, the Adobe products they are subscribed to, account creation date, subscription and payment status, local time zone, member ID, time of the last login, and whether they were an Adobe employee.
Comparitech claims that Diachenko discovered the open database on 19 October and reach out to Adobe immediately. Adobe acted promptly to address the issue and they secured the database on the same day. After securing the database, Adobe issued a statement regarding the data breach:
“At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.
The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.
We are reviewing our development processes to help prevent a similar issue occurring in the future.”
Diachenko believes the data was left exposed for about a week, according to Mashable. However, it’s just an assumption. It’s not clear when the database first became publicly accessible or if there was any unauthorized access before it got secured.
Luckily, no passwords or credit card numbers were listed in the breached database. However, the other personal data can still be misused and used for phishing scams. Therefore, be sure to pay attention to any suspicious emails in the future that claim to be from Adobe or their employees and be careful with whom you share any personal information or details about your CC subscription.