Almost 7.5 million Adobe Creative Cloud user records were left unsecured on the internet with a web browser, including account information, email addresses and which Adobe products they use. “We do not know when, exactly, the database first appeared, but Diachenko estimates it was exposed for about a week. We do not know whether anyone else gained unauthorized access to the database in the meantime”, — writes Paul Bischoff.
The exposed details mainly contained information about customer accounts, but not passwords or financial information. Moreover, the database included information on the date of creation of the account, the last date of login into the device, the status of subscription and payment, as well as a note on the account belonging to an Adobe worker.
Although, the database that was exposed did not include financial and vital confidential details in the user data for example names, scammers can still utilize it to send spam and manage phishing attacks. For example, operators of Adobe premium accounts can become targets of criminals, and phishing will be intended at hijacking Creative Cloud accounts for the aim of their later marketing.
“Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future”, — reported in Adobe.