An Adobe database with plenty of sensitive user information was exposed, researchers have confirmed late last week. Information such as email addresses, payment status and whether or not the user was an Adobe employee was available for anyone who knew where to look.
According to security experts from Comparitech, together with security researcher Bob Diachenko, the Elasticsearch database has had no means of protection. As long as people knew how to find it, they could easily access it, and in it find details on 7.5 million people.
Luckily for everyone whose data resided in the database, the problem was quickly remedied. Adobe was notified of the security oversight on October 19, and secured the database that very same day.
Besides email addresses and payment statuses, the database contained account creation dates, the types of Adobe products people used, subscription statuses, member IDs, countries of residence, and the time of last login.
The good news is that the database did not contain any sensitive payment information, such as credit card details. The information found inside does not pose a direct financial threat, it was added.
According to the researchers, the database seems to have been unprotected for a week. We don’t know if anyone managed to access it while it was unlocked or not.
The database gathers information from Adobe Creative Cloud, a subscription-based service that allows people to use products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and others.