Adobe Creative Cloud Database Vulnerability Leaves 7.5 Million Customer Emails Exposed

Adobe Creative Cloud Database Vulnerability Leaves 7.5 Million Customer Emails Exposed

In Securityby Shelly KramerLeave a Comment

Adobe Creative Cloud Database Vulnerability Leaves 7.5 Million Customer Emails Exposed

The News: Adobe Creative Cloud database vulnerability leaves 7.5 million customer emails explosed. Data hunter Bob Diachenko and security pros at Comparitec discovered an Elasticsearch database full of customer data exposed on the internet. The unsecured database contained the email addresses of nearly 7.5 billion customers of Adobe’s Creative Cloud. Read more at Naked Security.

Adobe Creative Cloud Database Vulnerability Leaves 7.5 Million Customer Emails Exposed

Analyst Take: Another day, another company deals with a security issue. Today, that company is Adobe and about half of its Adobe Creative Cloud customer base that has to worry that their email addresses are floating about out there.

I’ll start with the good news: This unsecured database was discovered by Diachenko and Comparitec on October 19th and is thought to have been exposed for about a week. As soon as Adobe learned of the issue, it admitted the error and shut it down. The other good news is that this vulnerability did not expose passwords or payment information.

The bad news is that people are incredibly prone to phishing attacks, and these 7.5 million people are no exception. Hackers could easily use these email addresses claiming they are Adobe and asking for credential information. They could also sell the email addresses to others on the dark web who make a mighty fine living in the business of phishing.

The other bad news is that while password or payment information wasn’t accessible, other information was, including the user’s country, the Adobe products used, the account creation date and time since last login, and whether the user is an Adobe employee. Individually, maybe not a big deal, but the more information hackers have, the more easily they can exploit users. Make no mistake, it is incredibly easy to get tripped up by a well-executed phishing scheme, and that’s the danger posed here.

It doesn’t appear that Adobe users need to worry about all of their accounts, this vulnerability only affected the Adobe Creative Cloud users. If that’s you, stop what you’re doing and go set up two factor authentication. Go to Settings, select Two-step verification, make your selection from there.

I’ll close with a note to anyone at any company responsible for data in any way — data security is not something to be taken lightly, whether it’s the security of your customers, or the security of your employees. The bad guys are out there, all day, every day, trying to find a way in — that’s a reality. But we can’t make it easy for them. There’s no excuse for sloppiness when it comes to securing databases. Ever.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Related content:

Capital One Breach — A Terrible, Horrible, No Good, Very Bad Day 

Most Important Part in Mitigating a Data Breach 

Faulty Database Brings Salesforce [and Users] to their Knees

Image Credit: DIYPhotography.net

 

The original version of this article was first published on Futurum Research.

 

Shelly Kramer

Shelly Kramer is a 20+ year marketing veteran and CEO of V3 Broadsuite, a marketing consultancy, and the President of Broadsuite Media Group. She’s a business strategist focused on B2B digital transformation, and delivering integrated marketing solutions for clients. She’s an expert at omnichannel marketing, content strategy and execution, connecting social media to business initiatives, and helping clients leverage the web for growth and profitability.