Adobe leaks half of its cloud user data

[williamcll]

Last week, security researchers discovered a database that could be accessed without the use of a password, the leak was patched on the same day.

Quote

Nearly 7.5 million Adobe Creative Cloud user records were left exposed to anyone with a web browser, including email addresses, account information, and which Adobe products they use.

Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. The Elasticsearch database could be accessed without a password or any other authentication.

Diachenko immediately notified Adobe on October 19 and the company secured the database on the same day.

Timeline of the exposure

Upon discovering the exposed data, Diachenko immediately took steps to notify Adobe.

• October 19, 2019 – Security researcher Diachenko discovered the exposed data and immediately notified Adobe.
• October 19, 2019 – Adobe secured the instance.

We do not know when, exactly, the database first appeared, but Diachenko estimates it was exposed for about a week. We do not know whether anyone else gained unauthorized access to the database in the meantime.

What information was exposed?

The exposed user data wasn’t particularly sensitive, but it could be used to create phishing campaigns that target the Adobe users whose emails were leaked. The following user data was included:

• Email addresses
• Account creation date
• Which Adobe products they use
• Subscription status
• Whether the user is an Adobe employee
• Member IDs
• Country
• Time since last login
• Payment status

The data did not include payment information or passwords.

Dangers of exposed data to Adobe Creative Cloud users

The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.

The information does not pose a direct financial or security threat. No credit cards or other payment information was exposed, nor were any passwords.

 

Comparitech conducts security research that entails scanning the web for exposed databases. When we uncover a database that hasn’t been properly secured and allows unauthorized access, we immediately notify the owner.

Our aim is to mitigate potential harm to end users. Bob Diachenko leans on his extensive cybersecurity experience to quickly uncover breaches, analyze the data, and track down the responsible organization.

Once the database has been secured, we write a report like this one to help notify affected users and make them aware of the risks. We hope our work can make users safer and limit abuse by malicious parties.

Source:https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/

https://thenextweb.com/security/2019/10/28/oops-adobe-leaves-7-5-million-creative-cloud-accounts-exposed/

Thoughts: While it is not a serious at the previous leak back in 2013 that had payment information, it is a kind reminder to change your credentials every so often. I am still using CS4 so this doesn't affect me at all.

[Salv8 (sam)]

adobe security be like:

 

geddit? cause it's nothing!!!! *cue Seinfeld music*

[FezBoy]

Thanks Adobe.

[Zodiark1593]

Given how quickly the exploit was patched, I'll keep my pitchfork in storage (still need my torch out though because PG&E), and chalk it down to *expletives* happen.

[DrMacintosh]

Lol. Adobe products. 

[Arika]

CS6 all up in this bitch

[givingtnt]

sigh, here we go again

[Suika]

And now we'll see a price hike to their cloud suite in order to improve user security.

 

You would think that in this day and age, we would see less companies leaving databases open to the public like this. What absolute hooligans.

[D13H4RD]

Riiiiiight when I decided to renew my CC sub

 

Thanks

[vanished]

I see they've learned nothing since the last time.  That, plus given how poorly secured this was has now made me realize they have no clue what they're doing and don't care, and that's just one more reason to avoid their cloud offerings... not that I was interested anyway, even if they were free.  Tried it once, thoroughly unimpressed.  I'll stick with CS6.

[Doobeedoo]

Adbe

[Sauron]

7 hours ago, williamcll said:

a database that could be accessed without the use of a password

LMAO

 

Imagine paying hundreds in monthly fees and expecting anything other than the worst kind of incompetence.

4 hours ago, Ryan_Vickers said:

I'll stick with CS6.

If this is the level they operate at it's just a matter of time something goes equally wrong with everything else they sell

[Arika]

2 minutes ago, Sauron said:

If this is the level they operate at it's just a matter of time something goes equally wrong with everything else they sell

And that's why everyone torrents it.

 

I actually bought ClipStudio Paint but still find myself doing a lot of non-drawing stuff in CS6

[RejZoR]

Same Adobe that limited user passwords to max 8 characters few years ago... And I think it could only be alphanumeric, no special characters. Peak security expected from company that does this kind of shit...

[D13H4RD]

They're really tempting me to fully ditch Lightroom at this point in time.

[MrFixitBlankFace]

Well this is news.

[Lady Fitzgerald]

And people wonder why I ditched everything to do with Adobe a while back.

[Roswell]

4 hours ago, Lady Fitzgerald said:

And people wonder why I ditched everything to do with Adobe a while back.

Well, not everyone has that luxury. If you're a professional in the creative space, you're stuck with Adobe UNLESS you work alone.

 

They need viable competition for people to turn to. Affinity is very close on the graphic design front, but still lacks some layers of compatibility with CS.

[Murasaki]

[laughs in free alternative software] 

[Crowbar]

Yet again adobe fail but barely anyone blinks an eye due to wide adoption. Sadly there are equal if not better alternatives for free for virtually every operating system but because learning how to do something differently is too complicated for most users especially on the windows platform, they go mostly ignored.

 

Unfortunately, this will also have no effect to fan boys like linus who unceremoniously take every opportunity to provide advertising free of charge in many of their videos for adobe products often citing them as an excuse not to adapt or change.

[Lady Fitzgerald]

On 10/29/2019 at 7:40 PM, Vitamanic said:

Well, not everyone has that luxury. If you're a professional in the creative space, you're stuck with Adobe UNLESS you work alone.

 

They need viable competition for people to turn to. Affinity is very close on the graphic design front, but still lacks some layers of compatibility with CS.

I'm retired. I'll use whatever I jolly well please.