Δεδομένα από σχεδόν 7.5 εκατομμύρια χρήστες του Adobe Creative Cloud εκτέθηκαν στο Διαδίκτυο από μια βάση data Elasticsearch that did not use a password.
The information leaked included mainly details of customer accounts for the Adobe Creative Cloud service, but without passwords or stored payment information.
The data των χρηστών που εκτέθηκαν συμπεριελάμβαναν διευθύνσεις ηλεκτρονικού ταχυδρομείου, αναγνωριστικά μελών (ονόματα χρήστη) της Adobe, χώρα προέλευσης και τα products of Adobe they were using. They also included the account creation date, the last login date, whether the account was owned by an Adobe employee, and the subscription status (active or not).
The report of the data was discovered last week, (Saturday October 19), by the researcher security Bob Diachenko of Security Discovery and Paul Bischoff, a journalist technology της CompariTech.
The researchers reported their findings to Adobe and the company secured the database the same day.
Diachenko and Bischoff hailed Adobe for its quick response and admitted that the data leak was not as serious as other leaks previously published, as it did not contain passwords, payment details or the real names of the company's customers.
However, it is not clear if anyone else was able to access this database and download its contents. The data could be used to send spam to users who had been exposed to their email addresses.
In particular, hackers could target active Adobe Premium account owners with phishing emails to obtain Adobe Creative Cloud accounts that, as you may know, cost a lot. These accounts could later be sold online in specialized Dark Web markets.
For its part, Adobe admitted exhibiting the information with a post on her blog on Friday, October 25.
It should be noted that this leak is not at all serious compared to Adobe's massive leak in 2013, where hackers acquired almost all the data from 38 millions of Adobe users. At that time, Adobe's breach was one of the biggest hacks that ever happened.