Elasticsearch server is under the fire again: database belonging to Adobe Creative Cloud service exposed
A poorly protected database of Adobe's Creative Cloud exposes 7.5 million people's data which becomes available to anyone without authentication or passwords required. Security expert Bob Diachenko collaborated with Comparitech and revealed the unsecured Elasticsearch database containing details of Adobe Creative Cloud service and its users. Unfortunately, the name of Elasticsearch has already been mentioned in similar incidents before.
This serious breach affected desktop and mobile clients using Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many other services. It is known that personal information, including email addresses, account details, country, and other data of Abode Creative Cloud users, was stored in the affected database. The leak was initially discovered back on October 19, so Adobe has already taken the required actions.
Adobe Communications Team has stated in its release on October 25th:
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future.
Personal details exposed, credit card details are safe
While the problem was quickly remedied and the database secured, various details may have been accessed by a hacker or malicious criminal. Luckily, the information was not related to sensitive payment information, credit card details, so users can be sure that their identity and financial information is secure. However, data that got exposed and possibly collected included:
- email addresses;
- the date when an account was created;
- payment status;
- subscription status;
- products from Adobe that the user is subscribed to;
- member IDs;
- time since the last login;
- information about users that are Abode employees.
Possible outcome after the data breach can lead to serious damage
Attackers may have obtained these details with the purpose of using the credentials in later phishing attacks. Email addresses and other personal-enough details can be helpful for malicious people that focus on extortion and blackmailing scams.
The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.
There are no particular details if someone has accessed the database or not and who can be those people. Still, it is possible that the server has been visited before the discovery and the company's reaction. Users should be aware that attackers may target them and be suspicious about phishing emails.
It is often the next step after such breaches and leaks because knowing some details like emails or account information can be enough to trick people into visiting malicious links or paying for alleged activities. Adobe offers to secure your account using the two-factor authentication as an additional layer of security that helps avoid these incidents in the future.