Adobe Left 7.5 Million Creative Cloud User Records Exposed Online

Basic customer details of approximately 7.5 million Adobe Creative Cloud users were exposed to the internet in an unprotected Elasticsearch database. The data was found by security researcher Bob Diachenko of Security Discovery and Paul Bischoff, a tech journalist for Comparitech. The exposed records primarily contained customer account information, but no passwords or financial information. They included email addresses, Adobe member IDs, country of origin, and which Adobe products each user was using, as well as account creation date, last login, whether the account belonged to an Adobe employee, and subscription and payment status. Currently, it is unknown if the database was accessed or downloaded by anyone.

Attackers could use this information to target owners of active Adobe premium accounts with phishing emails to try to hijack high-value Creative Cloud accounts for potential sale on the dark web. The cloud-based software company blamed the incident on a misconfigured “prototype environment.” The researchers notified Adobe of the issue and were very pleased with the response: Adobe secured the exposed data on the same day it was notified. According to Comparitech, no passwords or payment data were exposed.

Analyst Notes

Clients of cloud-based services will always be an inviting target for attackers. Because cloud storage service providers offer a complicated set of sharing options and security settings, it is easy for IT staff to inadvertently share data more publicly than company policy intends. Companies should ensure that employees responsible for cloud servers are well trained on the security controls and configuration options for cloud services, audit those controls regularly, and perform penetration testing to find any inadvertent sharing before threat actors do.