Once again, a prominent technology firm has made a blunder with regard to users’ privacy. This time, Adobe inadvertently exposed around 7.5 million user records publicly. As reported, Adobe left the data of Creative Cloud users on an unsecured server.
Adobe Exposed Creative Cloud Users Records
Security researcher Bob Diachenko, together with Comparitech, once again discovered an unsecured database. This time, they found Adobe to have left the data of its users on a publicly accessible server.
Specifically, the researchers discovered an unsecured Elasticsearch database containing data of Adobe Creative Cloud users. Anyone with access to the internet could easily view the data without requiring any authentication.
The unprotected server contained around 7.5 million records of the users. The data included personal information of the individuals, such as email addresses, Member ID, country, date of account creation, subscription status, payment status, Adobe products in use, and time since last login. It also leaked information about whether the user is an Adobe employee or not.
Despite the explicit personal information it leaked, the unsecured database did not expose any financial data or passwords.
Adobe Secured The Server
The researchers discovered the unsecured database on October 19, 2019. Upon discovering the database, they immediately notified Adobe about it. Following their report, the company secured the database the same day.
However, Diachenko estimates that the database remained publicly accessible for about a week. Moreover, it also remains unconfirmed whether anyone else has accessed the database during this time.
Although, the exposed records did not contain any sensitive information about the users, such as account passwords, bank data or credit card details. Nonetheless, the extent of information still poses a threat of phishing attacks to the users. As stated by Comparitech in their report,
The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.
Hence, the users must remain very careful should they receive any emails posing from Adobe that ask for passwords or sensitive data.