Security flaw on Adobe Creative Cloud, exposed user data
Adobe Creative Cloud, the system that brings together all the software and services published by Adobe Inc., a company specializing in graphics program design including the most famous Acrobat, Photoshop, Illustrator, InDesign, and Flash.
Subscribers can access all of the applications offered by the structure via Adobe Creative Cloud, to develop graphic design, web development, video editing, photography, and even cloud and mobile application activities. The company has a total of about 15 million subscribers.
This article will also interest you: Trends and Market Forecasts for Cloud Protection Applications 2019 – 2024
However, since last week it has nevertheless been able to see the data of its users that were stored in its database, leaked and exposed online via an unsecured Elasticsearch database. Apparently the system was suffering from a security flaw that benefited people who were ill-intentioned. A total of 7.5 million Adobe users were exposed on the web through an ElasticSearch database.
The information that was exposed consisted of subscriber identification data such as email addresses, account creation date, subscription status, member IDs, country of origin, payment status and last connection period. Fortunately, no passwords or financial data were disclosed.
We know that the security issues related to elasticSearch databases are not really new. Earlier this year, more than 100 million transactions were disclosed involving a group of online casinos, data that related to the personal information of the customers of those casinos. And this on a very vulnerable elasticSearch database, without a security password.
The same phenomenon occurs in July, following the exposure of about 90 million of the data disclosed in China because of a security problem on a server accessible to the general public without any protection. Many companies have seen their customers' data put online without them being able to do anything about it. Sensitive information also leaked during the case.
If Adobe was lucky enough not to to have sensitive customer data disclosed to the general public, it is however, the information that is circulating is likely to endanger somehow their subscribers. "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and attacks. Fraudsters may pose as Adobe or a reliable partner company and encourage users to provide additional information," explained Comparitech a team of researchers, editors, editors, and Developers.
For its part without commenting too much, the graphic solutions company simply stated that the fault to be attributed to a configuration of a new prototype. "Towards the end of the week Last year, Adobe became aware of a vulnerability one of our prototype environments. We quickly resolved the misconfigured environmental problem, correcting vulnerability," Adobe said.
For the time being, the culprits have not yet been identified. No formal investigation has been carried out, although there is no doubt about that. However, one wonders what the consequences of this data leak could be on the business of the company.
Now access an unlimited number of passwords: