Skip to main content

Adobe left millions of Creative Cloud user records exposed online

Adobe Creative Cloud subscribers are being warned to keep a look out for phishing emails after it was discovered that data belonging to more than seven million accounts remained exposed online for about a week.

Adobe Creative Cloud is a suite of applications that subscribers pay a monthly fee to use. It includes Photoshop, Lightroom, Premiere Rush, Premier Pro, and Illustrator, among other software.

U.K.-based tech firm Comparitech and security researcher Bob Diachenko discovered the exposed data, which they said could be viewed without a password or any other kind of authentication.

The researchers alerted Adobe on October 19, prompting the software company to secure the database on the same day.

Exposed data

The exposed data involved 7.5 million accounts and included email addresses, member IDs, country locations, account creation dates, Adobe products used, time since last login, payment status, and whether the user is an Adobe employee, among other details.

Payment information and passwords were not exposed.

Comparitech said that while the data isn’t “particularly sensitive,” it could nevertheless be used to launch phishing campaigns against subscribers.

“Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords,” Comparitech said in a post about the incident.

There’s so far no evidence that the data was accessed by third parties during the time it was exposed online.

California-based Adobe acknowledged the incident in a message on its website.

“At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update,” the company said.

“Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.”

It continued: “The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future.”

It’s not the first time Adobe has run into trouble with how it handles user data. In 2013, the company suffered a far more serious incident when hackers stole information belonging to around 38 million users. In that case, the hackers managed to get their hands on encrypted customer data that included payment card details, names, usernames, and email addresses.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Adobe will pay you to help design its creativity conference
photography shows are going online adobemax2019 002

Creatives are among the industries hit hard by the pandemic -- and Adobe wants to help by inviting creatives to, well, create. As part of the Adobe Max creativity conference, Adobe is looking for collaborators for the now all-virtual event taking place on October 20-22. Co-Create Max is a program inviting artists to apply for a (paid) gig developing content for the conference.

Co-Create invites creatives to apply to four different areas, which can, like the conference, be completed virtually. Graphic designers will be tasked with gigs like creating posters and Zoom backgrounds. Adobe is also looking for illustration and motion media or video work. The fourth category, Wildcard, is creative even in the category, inviting anything from playlists to memes to street photographers.

Read more
Hackers are trying to sell a haul of more than 73 million user records
Hands on a laptop.

More than 73 million user records stolen from across a number of online services are being offered for sale on the dark web by hacker group ShinyHunters, according to ZDNet.

Affected services include online dating app Zoosk (30 million user records), printing service Chatbooks (15 million), food delivery service Home Chef (8 million), online marketplace Minted (5 million), and U.S. news site Star Tribune (1 million).

Read more