Adobe Left 7.5 Million Creative Cloud User Records Exposed Online

The customer of nearly 7.5 million Adobe Cloud users was open on the internet inside an Elasticsearch database that was connected online without a password.

The details firstly included information about customer accounts, but no passwords or any other financial information. The user’s detail included email addresses, Adobe member IDs (usernames), country of origin, and which Adobe products they were using. Some of the Other information also included account making date, the last date of their login, whether the account belonged to an Adobe employee and payment status.

On last Saturday, October 19, the data was found by security observer Bob Diachenko from Security finding and Paul Bischoff, a tech reporter for CompariTech.The two notified Adobe’s security team, who secured the server on the same day.

Diachenko and Bischoff lauded Adobe they acknowledge that the data escape was not as serious they’ve found in the past at other companies, because as it did not contain passwords, payment data, or even something as basic as customer names or any other customer details.


Still, it is unclear if somebody else also retrieves this database and download its content. The data could be used to send spam to users who had their email addresses exposed.

The hackers could target owners of active Adobe accounts with trolling emails to takeover high-value Cloud accounts, which they can further re-sell online, on other dark web markets.

The software company cloud-based hold responsible for the occurrence of a defect to one of its “prototype environments” that guide to the server becoming open on the internet.

This revelation is severe as the infamous 2013 Adobe breach, where hackers gained full records, including hidden payment details, for approximate 38 million Adobe users. The Adobe break was one of the biggest hacks ever.

Type of information exposed? —  The exposed information included

  • Email addresses
  • Date of Account creation
  • Adobe products they subscribed
  • Subscription status
  • Payment status
  • Member IDs
  • Country
  • Last login time
  • User is an Adobe employee

Related post: Mozilla Firefox Prevents Injection Attacks Via Blocking Inline & Eval Javascript

Keep following us for more updates #TeamBugNResearch

Leave a Reply

Your email address will not be published. Required fields are marked *