Another week, another security breach. This time around Adobe and its customers are the victims but thankfully the damage is minimal.
On Friday last week, Adobe declared that it had become aware of a vulnerability on one of its prototype environments.
While the environment was shut down, it did contain customer information that may have been compromised.
“The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” Adobe wrote in an alert to customers.
The vulnerability was discovered by Comparitech with help from Bob Diachenko. While Adobe didn’t declare how many accounts may have been compromised, the aforementioned pair says that nearly 7.5 million accounts were exposed online.
The following data was compromised:
- Email addresses
- Account creation date
- Which Adobe products they use
- Subscription status
- Whether the user is an Adobe employee
- Member IDs
- Time since last login
- Payment status
This does open up Adobe customers to targeted phishing attacks. Thankfully, since no financial information or passwords were compromised you won’t have to cancel your cards or change your passwords.
Adobe was alerted to the vulnerability on 19th October and it secured the environment that same day.
“We are reviewing our development processes to help prevent a similar issue occurring in the future,” Adobe said.