Researchers spotted Data of nearly 7.5 million Creative Cloud users left exposed online.
The database was left unprotected for a week can be accessed by anyone with a web browser without any authentication.
Adobe creative cloud
Adobe creative cloud, the current market leader is a set of applications and services from Adobe system with 15 million subscribers giving access to a collection of software used for graphic design, video editing, web development, photography and many more.
The unsecured server was identified by Bob Diachenko along with U.K based cybersecurity firm Comparitech on October 19, 2019. The data was exposed through unsecured elastic search which could be accessed without a password or any other authentication.
Adobe secured the leak as soon as Diachenko reported his findings. Good news is that highly sensitive information like credit card details or passwords were not leaked but still, the data leak is a threat since the data can be used for phishing attacks and scams.
The exposure included the following data:
- Email address
- Account creation date
- Adobe products used
- Subscription status
- Whether the user is an Adobe employee
- Member IDs
- Time since the last login
- Payment status
It’s still unclear for how long the exposure of data remained or anyone gained access to it. Bob Diachenko estimates that the exposure of user date remained for about a week.
“With the details that have been exposed, a well-crafted spear-phishing campaign could gain an attacker entry into an organisation’s network from which they could deliver malicious code or engage in the lateral movement to company data,” Thom Bailey, cybersecurity strategist at Mimecast said.
What to do to be on the safer side?
- For an additional layer of security, Adobe users are recommended to enable two-factor authentication which helps them in securing their accounts.
- Creative Cloud users should be alert about the phishing emails pretending to be sent by Adobe which attempt to trick users into giving further details like passwords and financial information.
- Even though the database did not expose any financial information, it is better to keep an eye on your bank and payment card statements for any unusual activity.
Adobe has suffered a massive data leak even in 2013 which affected 38 million users and financial details of 3 million users were stolen by the perpetrators.
You may be interested in reading: Click2Mail Suffers Data Breach