Creative software developer Adobe suffered from a data leak. In all, 7.5 million users have been exposed.
It’s happening again. A security incident with Adobe. This time, the company suffered from a data leak that exposed 7.5 million. The contents of the leak, at least, isn’t as bad. Primary e-mail addresses were among the pieces of information exposed, but financial information and passwords remain secure. The leak is being blamed on the all too familiar misconfigured elasticsearch server. From ZDNet:
The basic customer details of nearly 7.5 million Adobe Creative Cloud users were exposed on the internet inside an Elasticsearch database that was left connected online without a password.
The exposed details primarily included information about customer accounts, but not passwords or financial information.
Exposed user details included email addresses, Adobe member IDs (usernames), country of origin, and what Adobe products they were using. Other information also included account creation date, the last date of their login, whether the account belonged to an Adobe employee, and subscription and payment status.
This data was found last week, on Saturday, October 19, by security researcher Bob Diachenko from Security Discovery and Paul Bischoff, a tech journalist for CompariTech.
Article goes on to say that the researchers contacted the company. In response, the company secured the server on the same day.
For some, the combination of terms of “Adobe” and “security incident” might ring some bells. That might be because of the fact that Adobe suffered a much more devastating data breach back in 2013. At the time, at least 38 million users had their information exposed. The information stolen included encrypted credit cards and login credentials. By 2015, Adobe had to pay more than $1.2 million after a class action lawsuit was launched.
Adobe, no doubt, doesn’t want a repeat of that which could partly explain how the company was able to react to the report so quickly this time around. It’s very likely they don’t want a repeat of that nightmare scenario.
On the bright side, at least the leaking server has since been secured and the company acted quickly to correct the situation. That’s certainly more than what we can say for the recent AutoClerk data leak which took 19 days before the situation was resolved.
Drew Wilson on Twitter: @icecube85 and Facebook.
