If you’re an Adobe Creative Cloud subscriber, you’re going to want to be extra vigilant for phishing attempts.
Security publication Comparitech has discovered, in partnership with security researcher Bob Diachenko, that ‘Nearly 7.5 million Adobe Creative Cloud user records were left exposed to anyone with a web browser, including email addresses, account information, and which Adobe products they use.’
For obvious reasons, exactly how the information was discovered isn’t detailed, but Comparitech says Diachenko was able to capture email addresses, account creation dates, what Adobe products are in use, subscription status, whether or not a user is an Adobe employee, member IDs, time since the last login, home country and the current payment status of the compromised accounts. No payment information or passwords were visible in the breach, but these details could still be used to create very realistic phishing attempts, either via phone or email, to further obtain financial or secure information from users.
According to Comparitech, Diachenko notified Adobe of the exposed data on October 19, 2019 and within the day Adobe had secured the database. It’s unknown how long the database was vulnerable and whether or not anyone gained access to it, but Diachenko believes it was ‘exposed for about a week.’
This isn’t the first data breach Adobe has had. In October 2013, Adobe suffered a breach that affected at least 38 million users; three million encrypted credit card details were compromised and an unknown number of login credentials exposed. Source code to Adobe Photoshop, Acrobat, ColdFusion and ColdFusion Builder was also stolen in the breach.
Update (October 26,2019): We incorrectly stated in the headline ‘more than 7.5 million’ when it is ‘nearly 7.5 million.’ We have corrected the headline accordingly.