If you receive an email purporting to be from Adobe, be careful even if it does contain information which only you and Adobe should know. Millions of Creative Cloud accounts had their details exposed for around a week…
Security firm Comparitech discovered that Adobe left the personal information of almost 7.5M Creative Cloud subscribers on an open server, reports TNW.
According to security firm Comparitech, the software giant left an Elasticsearch server unsecured that was accessible on the web without any password or authentication required. The leak, which was discovered on October 19, was plugged by Adobe immediately after it was alerted of its existence […]
The exposed database included details like email addresses, account creation dates, subscribed products, subscription statuses, payment statuses, member IDs, country of origin, time since last login, and whether they were Adobe employees or not.
The good news is that no credit card details or passwords were included, but Comparitech warns that targeted phishing attacks are likely against the owners of Creative Cloud accounts.
The exposed user data wasn’t particularly sensitive, but it could be used to create phishing campaigns that target the Adobe users whose emails were leaked. The following user data was included:
- Email addresses
- Account creation date
- Which Adobe products they use
- Subscription status
- Whether the user is an Adobe employee
- Member IDs
- Time since last login
- Payment status
Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example.
An uneducated user, receiving an email claiming to be from Adobe which lists their correct subscription details, could easily be fooled.
As always, our advice is never to click links in emails, even if you believe the email to be genuine. Always visit the website from your own bookmarks, or typing in the URL manually.