Recently Adobe accidentally allowed private details of nearly 7.5 million Creative Cloud accounts to be exposed to the public, putting those users at risk of scams and hacking attempts. First reported by Comparitech on Oct 25th, they discovered that account details for Adobe CC users were exposed in a database that could be accessed by anyone through use of a simple web browser. No passwords or security bypassing required!!
The account details included email addresses, creation dates, products used, current subscription status’, Country/region information, Adobe Employee or Member ID status, last login info, and payment status. The good news at least, is the specific details for payment information and passwords were not stored in this database.
Comparitech and Bob Diachenko, (a security researcher), notified Adobe of this problem immediately on the 19th of October and estimated that the issue was present for about a week before they caught it and locked it down. As of the time of this report, it’s unknown if anyone actually accessed the data while it was exposed.
Adobe was also quick to confirm the “vulnerability” in a security update to it’s blog;
At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.
The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.
We are reviewing our development processes to help prevent a similar issue occurring in the future.Should you have any questions, we encourage you to contact us at:Â https://helpx.adobe.com/contact.html
According to Mashable, it’s believed the data was viewable for just over a week but it’s unclear exactly when the database was first publicly accessable or if there was any unauthorized access of it.
Again, the good news is that no password or payment information was exposed, but that’s of little comfort to most users out there since most of their other personal data could be misused or targeted for phishing scams.
So for the Adobe Creative Cloud users out there worried, be sure to pay close attention to any suspicious emails that may look like they’re coming from “Adobe” or their Employees, and be sure to be extra careful when you share any personal information about your Creative Cloud subscription. Also if you happen to get any of the possible phishing scam emails, to report them to Adobe’s official support accounts ASAP.