Computer software company, Adobe, suffered a security breach that exposed the personal information of nearly 7.5 million Adobe Creative Cloud users.
First, it’s worth noting that the exposed data did not include passwords or financial information. However, it did include:
- Email addresses
- Account creation date
- The Adobe products they subscribed to
- Subscription status
- Payment status
- Member IDs
- Time since the last login
- Is the user an Adobe employee
So, what happened?
Earlier this month, security researchers Bob Diachenko from Security Discovery and Paul Bischoff, a tech journalist for CompariTech, discovered an unsecured Elasticsearch database belonging to Adobe Creative Cloud subscription service. Even worse, anyone could access the database without a password or authentication.
The two notified Adobe who secured the server on the same day.
Additionally, the company published a blog post detailing the security incident.
“Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.”
“This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future.”