Earlier this month, a serious security incident became apparent at Adobe that exposed the personal information of nearly 7.5 million users belonging to the company’s popular Creative Cloud service.
According to security firm Comparitech, the software giant left an Elasticsearch server unsecured that was accessible on the web without any password or authentication required. The leak, which was discovered on October 19, was plugged by Adobe immediately after it was alerted of its existence.
The exposed database included details like email addresses, account creation dates, subscribed products, subscription statuses, payment statuses, member IDs, country of origin, time since last login, and whether they were Adobe employees or not.
Although there were no passwords or financial information in the database, the consequence of such exposure is the increased possibility of targeted spear phishing email attacks. “Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example,” Comparitech said.
MacDailyNews Take: It never ends. Adobe should be sued by users who have been harmed by their ineptitude en masse via class action lawsuit.