Data from nearly 7.5 million Adobe Creative Cloud users was exposed online by a database data Elasticsearch that did not use a password.
The information leaked included mainly details of customer accounts for the Adobe Creative Cloud service, but without passwords or stored payment information.
Exposed user data included email addresses, Adobe User IDs, country of origin and Adobe products they used. They also included the account creation date, last login date, whether the account belonged to an Adobe employee, and the status of the subscription (active or not).
Η report των δεδομένων ανακαλύφθηκε την περασμένη εβδομάδα, (Σάββατο 19 Οκτωβρίου), από τον ερευνητή ασφαλείας Bob Diachenko της Security Discovery και τον Paul Bischoff, έναν δημοσιογράφο τεχνολογίας της CompariTech.
The researchers κοινοποίησαν στην Adobe τα ευρήματά τους και η company secured the database the same day.
Diachenko and Bischoff hailed Adobe for its quick response and admitted that the data leak was not as serious as other leaks previously published, as it did not contain passwords, payment details or the real names of the company's customers.
However, it is not clear if anyone else was able to access this database and download its contents. The data could be used to send spam to users who had been exposed to their email addresses.
In particular, hackers could target active Adobe Premium account owners with phishing emails to obtain Adobe Creative Cloud accounts that, as you may know, cost a lot. These accounts could later be sold online in specialized Dark Web markets.
For its part, Adobe admitted exhibiting the information with a post on her blog on Friday, October 25.
It should be noted that this leak is not at all serious compared to Adobe's massive leak in 2013, where hackers acquired almost all the data from 38 millions of Adobe users. At that time, Adobe's breach was one of the biggest hacks that ever happened.
