Data from nearly 7.5 millions of Adobe Creative Cloud users was exposed to the Internet by a password-free Elasticsearch database.
The information leaked included mainly details of customer accounts for the Adobe Creative Cloud service, but without passwords or stored payment information.
User information exposed included email addresses post officeh, Adobe member IDs (usernames), country of origin, and the Adobe products they used. They also included the account creation date, the last login date, whether the account was owned by an Adobe employee, and the subscription status (active or not).
Η έκθεση των δεδομένων ανακαλύφθηκε την περασμένη εβδομάδα, (Σάββατο 19 Οκτωβρίου), από τον ερευνητή ασφαλείας Bob Diachenko της Security Discovery και τον Paul Bischoff, έναν δημοσιογράφο τεχνολογίας της CompariTech.
The researchers shared their findings with Adobe and the company secured the database the same day.
Diachenko and Bischoff hailed Adobe for its quick response and admitted that the data leak was not as serious as other leaks previously published, as it did not contain passwords, payment details or the real names of the company's customers.
However, it is not clear if anyone else was able to access this database and download its contents. The data could be used to send spam to users who had been exposed to their email addresses.
Specifically, hackers could target owners of active Adobe Premium accounts with messages phishing to get Adobe Creative Cloud accounts which, as you may know, are quite expensive. These accounts could later be sold online in specialized Dark Web marketplaces.
For its part, Adobe admitted exhibiting the information with a post on her blog on Friday, October 25.
Θα πρέπει να αναφέρουμε ότι αυτή η διαρροή δεν είναι καθόλου σοβαρή σε σύγκριση με την μεγάλη διαρροή της Adobe το 2013, όπου οι hackers απέκτησαν σχεδόν όλα τα δεδομένα από 38 εκατομμύρια χρήστες της Adobe. Εκείνη την εποχή, η infringement της Adobe ήταν ένα από τα μεγαλύτερα hacks που είχαν συμβεί ποτέ.
