Last week, data from over 7 million Adobe Creative Cloud accounts were exposed to the public and anyone with a web browser could have accessed the information. The exposed information included email addresses, account creation date, and member ID, but did not include credit card information or passwords.
The exposure was originally investigated and reported by technology research company Comparitech along with security researcher Bob Diachenko. Adobe was notified on October 19th and the instance was also secured on that date, however, Diachenko estimates that the data was accessible for about a week. Adobe posted about the incident on their blog on October 25th.
At the time of this posting, Adobe has not yet provided a way to determine if your information has been accessed, but has posted a security update on the Adobe blog. The text is as follows:
"At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update. Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability. The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. We are reviewing our development processes to help prevent a similar issue occurring in the future. Should you have any questions, we encourage you to contact us at: https://helpx.adobe.com/contact.html"
Security Update from AdobeCredit: AdobeCreative Cloud encompasses Adobe's set of creative applications, including Premiere, After Effects, and Photoshop, and has a cloud-based subscription model. If you are a Creative Cloud user, take extra care with any suspicious emails claiming to be from Adobe as the exposed data can be used to create phishing scams.
Be careful out there!
Header Image Credit: The Barn Creative