Adobe had a database of nearly 7.5 million Creative Cloud customers online unsecured for an estimated week. E-mail addresses, subscription info and country of origin were not included in the data, passwords and payment information.
The leak was discovered on October 19, by Comparitech and security researcher Bob Diachenko. “Anyone with a browser could access it,” the researchers said. In addition to the above data, this concerns peripheral matters such as the date on which the account was created, whether people are up to date with payments, when they last logged in and the like.
The same day, Adobe put a lock on it. The researchers estimate that the database was accessible for a week. It is unknown whether another party has viewed the database. Adobe only states in a response that it “evaluates its development processes to prevent repetition”.
The researchers recognize that this information is not enough to directly damage customers, but that it is tools with which a robust phishing or spearphishing attack can be set up. It can again have a password or payment details as loot.
Adobe Creative Cloud is a software package with programs such as Photoshop, Premiere, Audition, After Effects and Acrobat. Today, Adobe only offers it in the form of a subscription. Costs vary from 12 euros per month to almost 100 euros per month.