More than 7 million Adobe Creative Cloud account user data has been exposed form an unauthenticated Elasticsearch database.

Adobe Creative Cloud is a set of applications and services from Adobe Systems that gives subscribers access to a collection of software used for graphic design, video editing, web development, along with a set of mobile applications and also some optional cloud services. 

The exposed details contain sensitive information such as,

  • Time since the last login
  • Account creation date
  • Subscription status
  • Member IDs
  • Payment status
  • Which Adobe products they use
  • Whether the user is an Adobe employee
  • Country
  • Subscription status

Security researcher Bob Diachenko uncovered the publically available database, the database has no password authentication and can be accessed by one by just having the link associated.

The exposure was notified to Adobe on October 19 and the same day the company secured the database.

The researcher said that we do not know when, exactly, the database first appeared, or anyone gained unauthorized access to the database but Diachenko estimates it was exposed for about a week.

The exposed database doesn’t include any credit cards or other payment information, so chances for direct financial or security threats, reads the report.

There is no credit card data involved in this leak but the leaked information could be used against Adobe Creative Cloud users in targeted phishing emails and scams.

Cyber Security New recently reported another data leak from the US Government, Military, and Department of Homeland Security (DHS) data exposed from the Elasticsearch database that belongs to the reservations management system Autoclerk.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.