Data including personal information of about 7.5 million Adobe Creative Cloud users were exposed to all through a web browser. Bob Diachenko, the researcher behind the report, said that the private information of users was estimated to be present in an unprotected cache for about a week.
The leaked data included member ID, email address, payment status, last login details, nationality, and a few other things.
Adobe acknowledged the security flaw saying that it was a “vulnerability related to work on one of our prototype environments”.
However, the leaked data did not include any type of highly sensitive data such as users passwords or payment details like debit/credit card number, as confirmed by the tech website Comparitech. This information was later confirmed by Adobe through the acknowledgement.
Though the compromised data did not include any highly private information, the leaked data of millions of Creative Cloud users still poses a great threat since the collected information is enough to release phishing attacks and other malicious activities.
Bob Diachenko was able to discover Adobe’s unsecured Elasticsearch database by actively scanning the internet for unprotected databases. After confirming the vulnerability, he reported it to Adobe on 19th October and Adobe secured the unprotected database on the same day.
It is to be noted that this is not the first time Adobe has faced an issue something like this. Back in 2013, a data breach took place that affected over 38 million Adobe users and over 3 million users’ financial details were stolen by the hackers behind the attack.