Another day, another database exposing sensitive information on the internet: this time, there were almost 7.5 million accounts Adobe Creative Cloud, including email address, subscription status and products used – such as Photoshop, Illustrator and After Effects.
Security researcher Bob Diachenko found an Elasticsearch database exposed on the internet. This open-source technology for search engines is capable of analyzing a lot of data in real time, but some companies forget to protect it with login and password – Adobe’s case.
The database included email address, Creative Cloud account creation date, subscribed products, subscription status, payment status, member ID, country of origin, time since last login, and whether the user was an employee from Adobe. Fortunately, passwords and credit card numbers were not included.
Still, this data is sensitive enough to cause problems for Creative Cloud subscribers. For example, it is possible to create phishing campaigns to deceive users, as the criminal would have details about the account that only Adobe should know about.
Diachenko contacted Adobe on October 19, and the company resolved the issue immediately. The researcher believes that the data was exposed for about a week.
The discovery was made in partnership with Comparitech, which “conducts security research involving web scans in search of exposed databases”. After finding unprotected information on the internet, she immediately notifies the owner.
Adobe confirms that database has been exposed
About 7.5 million Creative Cloud accounts were exposed. The service has approximately 15 million subscribers, and provides access to well-known programs, such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro and After Effects.
In a statement, the company says: “at the end of last week, Adobe was alerted to a vulnerability related to the functioning of one of our prototype environments; we promptly disable the poorly configured environment ”.
She explains that the problem was not related to any major Adobe products or services, nor did it affect their functioning. “We are analyzing our development processes to help prevent a similar problem from occurring in the future,” promises the company.