What Happened? On October 25, Adobe revealed the Email addresses of at least 7.5 million users stored on their Adobe Creative Cloud service had been part of a data breach. While Adobe has patched the hole and tightened security around the database, email addresses and other data points were confirmed as part of the breach. The breach was first revealed to Adobe on October 19 by Comparitech and security researcher Bob Diachenko and the breach was believed to only have lasted a week long.
Diachenko revealed that the data taken in the breach did not contain payment information or passwords for any of the accounts and that the particular data taken was not sensitive per say. The data taken included Adobe Users’ email addresses, time of account creation, the adobe products they use, Adobe subscription status, if the user is an Adobe employee, country, payment status, and the last time the account was active.
Optimistic Take: To be clear, the information does not pose a direct financial or security threat. No credit cards or other forms of payment information were exposed, nor were any passwords. Adobe immediately acted to close the access point upon Diachenko revealing the breach to them. Adobe sent out a security update themselves to show transparency to their consumers about the breach. Despite all of these steps taken, if you have an Adobe account be sure to check your email if you have been affected by this breach.
Changing or updating account information after a breach is important because all of this data could easily be used for phishing campaigns targeting the email addresses taken. A hacker could draft an email using Adobe’s templates and style, and send out a mass email posing as the company asking for passwords or payment information allowing access to way more personal data of the victim. If Adobe has contacted you about your account we strongly suggest you read it and update your security information.