Creative Cloud Archives - CISO MAG | Cyber Security Magazine

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the accelerated-mobile-pages domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $options declared before required parameter $ad is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/advanced-ads/classes/display-conditions.php on line 208

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the easy-digital-downloads domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd_cfm domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edds domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Deprecated: Optional parameter $params declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutReturn.php on line 6

Deprecated: Optional parameter $insMessage declared before required parameter $secretWord is implicitly treated as a required parameter in /www/cisomagcom_810/public/wp-content/plugins/edd-2checkout/sdk/lib/Twocheckout/TwocheckoutNotification.php on line 6

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the edd-recurring domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the Newsmag domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /www/cisomagcom_810/public/wp-includes/functions.php on line 6121

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-content/themes/Newsmag/functions.php on line 616

Warning: Cannot modify header information - headers already sent by (output started at /www/cisomagcom_810/public/wp-includes/functions.php:6121) in /www/cisomagcom_810/public/wp-includes/feed-rss2.php on line 8
Creative Cloud Archives - CISO MAG | Cyber Security Magazine Beyond Cyber Security Wed, 26 May 2021 06:28:19 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.1 Adobe’s 7.5 million Creative Cloud Accounts Exposed https://staging-cisomagcom.kinsta.cloud/adobe-creative-cloud-vulnerability/ Tue, 29 Oct 2019 13:30:35 +0000 https://staging-cisomagcom.kinsta.cloud/?p=4186 Adobe, a known name in creative cloud services, has mistakenly exposed around 7.5 million user account details. This vulnerability was brought to light by Security Researcher and Consultant Bob Diachenko and reported in the press by Paul Bischoff Tech Journalist, Privacy Advocate And VPN Expert from Comparitech. As per Adobe’s whitepaper, most components of Creative […]

The post Adobe’s 7.5 million Creative Cloud Accounts Exposed appeared first on CISO MAG | Cyber Security Magazine.

]]> Adobe, a known name in creative cloud services, has mistakenly exposed around 7.5 million user account details. This vulnerability was brought to light by Security Researcher and Consultant Bob Diachenko and reported in the press by Paul Bischoff Tech Journalist, Privacy Advocate And VPN Expert from Comparitech.

As per Adobe’s whitepaper, most components of Creative Cloud are hosted on Amazon Web Services (AWS) which include Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3). The Elasticsearch database is used to store, search, and analyze large volumes of data in near real-time. Diachenko’s analysis spotted that this Elasticsearch database was left exposed as there was no password protection provided for it. The result – if people knew how to find this vulnerability, they could easily access the database through their browser and find details of 7.5 million Creative Cloud accounts at their fingertips. It was also found that this flaw was live and unnoticed for close to a week, but whether anyone else had unauthorized access to it is not known.

Diachenko reported this security flaw to Adobe on October 19 to which it responded immediately and also gave a formal update to its users through the Adobe Blog. It stated: “At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.

Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.

The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.

We are reviewing our development processes to help prevent a similar issue occurring in the future.”

The good news is that the user data which was exposed did not contain payment information or passwords, but it did include info such as:

Email address
Account creation date
Adobe products subscribed
Subscription status
Member IDs
Country
Time since last login
Payment status

The only concern that Adobe now has is that if someone did lay hands on this piece of information then its users are at risk of a Phishing attack.

The post Adobe’s 7.5 million Creative Cloud Accounts Exposed appeared first on CISO MAG | Cyber Security Magazine.

]]>