As per the reports, around 7.5 million Adobe Creative Cloud users were left exposed to internet threats as Elasticsearch database was left connected online without a password.
Contents
How Did This Happen?
According to the blog, Adobe left 7.5 million Creative Cloud user records were left exposed to online threats.
The exposed data mainly contend information about customer accounts. The passwords or financial information was still intact.
What Does The Data Contain?
The data included email addresses, Adobe member IDs (usernames), country of origin, and details about the Adobe products they were using.
It also included information about account creation date, the last date of their login, whether the account belonged to an Adobe employee, and subscription and payment status.
Who Detected This Anomaly?
This anomaly was detected by security researcher Bob Diachenko from Security Discovery and Paul Bischoff, a tech journalist for CompariTech last week on Saturday, October 19.
On notification of duo to the Adobe’s security team, they secured the server on the same day.
The researchers praised the Adobe team for quick response and fixing the problem immediately.
They also informed that the data leak was not that critical compared to the other threats they have found in the past in other company’s products.
They said that the exposed data did not contain any passwords, payment data, or even something as basic as customer names.
Is There Any Loophole?
Although they are not sure if someone else has accessed this database and downloaded its content already.
If the data caught in the wrong hands than they could use this data to send spam to the users who had their email addresses exposed.
By using this data, hackers can target owners of active Adobe premium accounts.
They could use this data to phishing emails to hijack high-value Creative Cloud accounts from owners.
Which can be used later on as they can be re-sold online, in the specialized dark web markets.
What Does Adobe Have To Say?
Adobe has already accepted the leak from their server in one of their blog posts on Friday, October 25.
They claimed that the incident occurred due to a misconfiguration in one of its “prototype environments” that caused the exposure of server on the internet.
This anomaly was nothing compared to the one happened in 2013 in Adobe in which hackers obtained full records, including encrypted payment details, for nearly 38 million Adobe users.
That was one of the biggest hacks ever happened in history.
Comments are closed, but trackbacks and pingbacks are open.