It happens to the biggest among us it seems as it looks like Adobe’s Creative Cloud service is the latest to suffer a breach of its accounts database…to the tune of some 7 million.
If you’re like us, you’ll probably want to go on ahead and change your password just to be safe even though no password data was exposed in the breach.
So, what happened?
Apparently, a massive database of account information, including member status and ID as well as whether or not you were currently paying for a Creative Cloud subscription, among other things. The database was accessible via a web browser and didn’t require any kind of authentication to view. Security Researcher Bob Diachenko and the website Comparitech informed Adobe of the issue and the company took immediate action.
Adobe said in a patch cited by PetaPixel,
“At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.
The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.
We are reviewing our development processes to help prevent a similar issue occurring in the future.”
As PetaPixel points out, this breach is a lot less severe than a 2013 security breach that did reveal credit card information and hit some 38 million to 150 million accounts. Nonetheless, it does make you wonder what’s up, especially since everything was viewable through a browser and without any kind of authentication process.
What do you think? Let us know your thoughts in the comments below.
Also, don’t forget to check out other photography news stories on Light Stalking by clicking here.
1 Comment
I am still wondering why Adobe hasn’t with direct mail notified their customers.
Even if passwords and credit data wasn’t shared, this is still a breach….