Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Adobe confirms security vulnerability in one of their Elasticsearch servers that exposed 7.5 million Creative Cloud accounts

Save for later
  • 3 min read
  • 31 Oct 2019

article-image

Last week, Adobe admitted of being the victim of a serious security incident exposing the personal information of nearly 7.5 million users. The information belonged to the company’s popular Creative Cloud service.

Adobe Creative Cloud service has approximately 15 million subscribers, providing them access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and many others.

The news was initially reported by security firm Comparitech. Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. They discovered that Adobe left an Elasticsearch server unsecured accessible on the web without any password or authentication required. The leak was plugged by Adobe after being alerted.

The official statement from Adobe reads, “Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability”.

The exposed database included details like:

  • Email addresses
  • Account creation date
  • Which Adobe products they use
  • Subscription status
  • Whether the user is an Adobe employee
  • Member IDs
  • Unlock access to the largest independent learning library in Tech for FREE!
    Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
    Renews at €18.99/month. Cancel anytime
  • Country
  • Time since last login
  • Payment status


Adobe also admitted that the data did not include passwords, payment or financial information. Although there were no such sensitive information in the database, the consequence of such exposure can be increased possibility of targeted phishing email and scams.

“Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example,” Comparitech said. It’s therefore crucial that users turn on two-factor authentication to add a second layer of account protection.

Adobe is no stranger to data privacy problems; in October 2013, company suffered a similar kind of data breach that impacted 38 million users. Additionally, 3 million encrypted customer credit cards and login credentials for an unknown number of users were exposed.

The incident is not the only time instances of data breach headlines. In recent months, Ecuadorian, NordVPN, a popular Virtual Private Network and StockX, an online marketplace for buying and selling sneakers have had their users personal information left unprotected and exposed on the web. This clearly shows that tech companies still have a long way to go in order to achieve end to end secure networks and servers.

Following Capital One data breach, GitHub gets sued and AWS security questioned by a U.S. Senator


British Airways set to face a record-breaking fine of £183m by the ICO over customer data breach

US Customs and Border Protection reveal data breach that exposed thousands of traveler photos and license plate images