Talk about security blunders! Data of more than 7.5 million Adobe Creative users, including personal information, was exposed to anyone with a web browser.
According to the researcher behind the report, Bob Diachenko, the private information of users was estimated to be sitting in unprotected cache for about a week.
The exposed information comprised member ID, email addresses, last login information, payment status, residing country, and a few other things.
Later that day, Adobe acknowledged the security mishap in a statement, calling it a “vulnerability related to work on one of our prototype environments.”
However, the data leak of millions of Creative Cloud users still poses a great threat since the client information can be used for phishing attacks and other malicious actions.
Bob Diachenko initially discovered Adobe’s unsecured Elasticsearch database by actively scanning the Internet for unprotected databases. Following that, he reported the issue on October 19th, enabling Adobe to secure the database on the same day.
This is not the first time Adobe is facing a massive data leak; back in 2013, a data breach affected over 38 million Adobe users and over 3 million users’ financial details were stolen by the perpetrators behind the attack.