Security researchers discovered that subscriber information for Adobe’s Creative Cloud was exposed to the public due to an unencrypted database cache.
Technical detail and additional information:
What is the threat?
Although the database storing customer information was secured, the cache of the database was not, revealing customer information to anyone. The information did not include any personally identifiable information. However, it could still be useful to attackers for launching spear-phishing campaigns or other kinds of fraudulent activity.
Why is this noteworthy?
Adobe Cloud is a subscription service that allows users to access a suite of Adobe products. Some estimates state that approximately 15 million users subscribe to the service. The vulnerability was discovered by a security researcher who had partnered with Comparitech on October 19th, and Adobe was quickly notified of the data leak. Adobe responded by taking down the entire database cache; however, the security researchers estimate that the information was open for public access for over a week and that there is no way to determine who might have accessed the information during that time.
What is the exposure or risk?
According to Comparitech, the information stored in the database cache consisted of email addresses, subscription and payment status, member IDs, country, and whether the user was an Adobe employee. Even though the data is not considered sensitive, the information that the security researchers found could be used to execute spear-phishing attacks and other scams.
What are the recommendations?
Adobe has stated that they have shut down the vulnerable environment, but it is impossible to say if the information had been viewed by malicious actors before the shutdown. Anyone who is a subscriber to Adobe Cloud could have had their information leaked; therefore, SKOUT recommends that customers stay alert for possible phishing attempts and monitor account activity.
For more in-depth information about the recommendations, please visit the following link:
For more information, please contact our Security Operations Center.