Data from nearly 7.5 millions of Adobe Creative Cloud users was exposed to the Internet by a password-free Elasticsearch database.
The information leaked included mainly details of customer accounts for the Adobe Creative Cloud service, but without passwords or stored payment information.
The data of exposed users included email addresses, Adobe member IDs (usernames), country of origin, and the Adobe products they used. They also included the date creationaccount number, last login date, whether the account was owned by an Adobe employee, and subscription status (active or not).
The data report was discovered last week (Saturday 19 October) by Security Researcher Bob Diachenko of Security Discovery and Paul Bischoff, a technology journalist at CompariTech.
The researchers they notified Adobe of their findings, and the company secured the database the same day.
Diachenko and Bischoff hailed Adobe for its quick response and admitted that the data leak was not as serious as other leaks previously published, as it did not contain passwords, payment details or the real names of the company's customers.
However, it is not clear if anyone else has also managed to access this database and downloaded its contents. The data could be used to spam users whose email addresses were exposed.
Specifically, hackers could target owners of active Adobe Premium accounts with phishing emails (Phishing) to get Adobe Creative Cloud accounts which as you may know are quite expensive. These accounts could later be sold online in specialized Dark Web marketplaces.
For its part, Adobe admitted exhibiting the information with a post on her blog on Friday, October 25.
It should be noted that this leak is not at all serious compared to Adobe's massive leak in 2013, where hackers acquired almost all the data from 38 millions of Adobe users. At that time, Adobe's breach was one of the biggest hacks that ever happened.
