Data from nearly 7.5 millions of Adobe Creative Cloud users was exposed to the Internet by a password-free Elasticsearch database.
The information leaked included mainly details of customer accounts for the Adobe Creative Cloud service, but without passwords or stored payment information.
Exposed user data included email addresses, Adobe User IDs, country of origin and Adobe products they used. They also included the account creation date, last login date, whether the account belonged to an Adobe employee, and the status of the subscription (active or not).
The data report was discovered last week (Saturday 19 October) by Security Researcher Bob Diachenko of Security Discovery and Paul Bischoff, a technology journalist at CompariTech.
The researchers reported their findings to Adobe and the company secured the database the same day.
Diachenko and Bischoff hailed Adobe for its quick response and admitted that the data leak was not as serious as other leaks previously published, as it did not contain passwords, payment details or the real names of the company's customers.
However, it is not clear if anyone else was able to access this database and download its contents. The data could be used to send spam to users who had been exposed to their email addresses.
In particular, hackers could target active Adobe Premium account owners with phishing emails to obtain Adobe Creative Cloud accounts that, as you may know, cost a lot. These accounts could later be sold online in specialized Dark Web markets.
For its part, Adobe admitted exhibiting the information with a post on her blog on Friday, October 25.
It should be noted that this leak is not at all serious compared to Adobe's massive leak in 2013, where hackers acquired almost all the data from 38 millions of Adobe users. At that time, Adobe's breach was one of the biggest hacks that ever happened.