7.5 Million Adobe Accounts Exposed By Security Blunder: Report

7.5 Million Adobe Accounts Exposed By Security Blunder: Report

The customer records of nearly 7.5 million Adobe Creative Cloud users were reportedly discovered by a security researcher this month in an inadvertently exposed database which has now been secured.

The records reportedly exposed in the security mishap did not contain any passwords or payment information, but instead offered accurate information about millions of customers’ accounts, including which Adobe products they use, member IDs, and subscription and payment status.

Experts say the exposure of such detailed account information would place Adobe customers at a high risk of being targeted by scams—attempts to acquire payment information or account credentials—had cybercriminals managed to acquire the data. It remains unclear whether that’s the case.

Scammers often masquerade as a particular service provider, Satnam Narang, a senior research engineer at Tenable, told Gizmodo. The aim is to trick users into believing fake company emails are legitimate in an effort to solicit additional private information or compromise their accounts.

[referenced url=” thumb=” title=” excerpt=”]

“In this case, the information exposed is a gift to scammers, because it provides them with accurate information on Adobe Creative Cloud customers. Fortunately for these customers, their payment information was not exposed,” Narang said. He warned, however, that scammers “could certainly utilise this information to launch precise phishing attacks against these customers by sending them a warning about an issue with their subscription.”

According to Comparitech, which first broke the news on Friday, the data was uncovered on October 19 by noted security researcher and data-breach hunter Bob Diachenko. The pro-consumer website said it was unclear how long the records had been exposed or if anyone else accessed them prior to Diachenko’s discovery.

Comparitech reported the exposure included the following subscriber data:

  • Email addresses

  • Account creation date

  • Which Adobe products they use

  • Subscription status

  • Whether the user is an Adobe employee

  • Member IDs

  • Country

  • Time since last login

  • Payment status

Adobe did not immediately return a request for comment. There was no statement concerning the exposure on the company’s website at the time of writing. Comparitech reported that the company reacted quickly after it was notified about the exposure and secured the database on the same day.

Adobe customers should be on the lookout for suspicious emails directing them to log into their accounts or submit payment information.

As a general rule, users should never click on any account-related links they receive via email, no matter how official they may appear. Instead, go to the Adobe website in a separate tab and resolve any potential account issues after logging into the website directly.

Adobe also offers the ability to secure the accounts using two-factor authentication, a security feature all users should have enabled to help ward off attacks.


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.