Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Cloud Databases

Nearly 7.5 Million Adobe Creative Cloud Users Exposed To Hackers (threatpost.com) 26

Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Threatpost reports: Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects and others. Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. The Elasticsearch database could be tapped without a password or any other authentication; offering an attacker access to email addresses, account information and which Adobe products that users purchased. The data did not include payment information or passwords. The user data "wasn't particularly sensitive," but it could be used to create convincing phishing emails aimed at Adobe users, according to Comparitech researcher Paul Bischoff, in Friday research shared with Threatpost. "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams," Bischoff noted. "Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example."
This discussion has been archived. No new comments can be posted.

Nearly 7.5 Million Adobe Creative Cloud Users Exposed To Hackers

Comments Filter:
  • If I hadn't cancelled this morning for various other reasons (Fresco not being included in the Photographer tier, Photoshop for iPad apparently NOT being feature complete when it releases, an attempt earlier this year to raise prices, and solid, cheaper competition), this would have been the final straw.

    • Using gimp on Ubuntu these days instead of Photoshop.
      • by Anonymous Coward
        I switched from Gimp to Krita years ago because Gimp was stuck in the morass of 8-bits-per-channel and dismissing all proposals to upgrade from that rather limited capability.
  • by v1 ( 525388 ) on Friday October 25, 2019 @06:01PM (#59348504) Homepage Journal

    step 2: lay out all those forced hand-overs on the internet

    what was step 3 again?

    Adobe forced us to hand over thousands of our users' email addresses by forcing us to go from device licensing to cloud accounts this year, and here we though the worst that was going to happen as a result is they were going to use all those yummy emails to email-market-spam our users. But no, they found a way to make an abusive deal even worse. Leave it to Adobe.

    Now we're going to have to try to deflect some more spear phishing. The email guy's gonna just love this.

  • Flash, PDF, and Dmitry Sklyarov.

    What did you expect?

  • Amazingly abusive: The managers of businesses and most customers don't have much technical knowledge, so it is easy to abuse them.

    So, Adobe has been RENTING the software, rather than selling it.

    One of our customers spent $2,000 to update to the last Adobe Creative Suite version that was not forced to be in the "cloud". The customer already had an earlier version, and the version that cost $2,000 didn't have all the latest updates.
    • by dgatwood ( 11270 )

      Just wait. The first time their actual files end up somewhere, rather than just their personal info, Adobe is done. And given Adobe's history of security (Flash, for example), I can't imagine why anybody would trust Creative Cloud as far as they can throw an Adobe executive.

      I'd love to go back to paying Adobe for Photoshop and Lightroom upgrades, but not like that. For now, I'm on CS6, and it looks like when I upgrade to Catalina, I'll start migrating to a competitor's offerings.

    • Amazingly abusive: The managers of businesses and most customers don't have much technical knowledge, so it is easy to abuse them.

      So, Adobe has been RENTING the software, rather than selling it.

      One of our customers spent $2,000 to update to the last Adobe Creative Suite version that was not forced to be in the "cloud". The customer already had an earlier version, and the version that cost $2,000 didn't have all the latest updates.

      The industry is shifting to subscription. It has it's pro's and cons. These companies have to support and patch these products. It isn't free.

      $2000 for buying outright sounds like it could be the full creative suite for ALL Adobe products for 3 people. OR it could be Acrobat DC for 60 employees.

      The details are important. Because when you consider that you need to upgrade these products every few years, you realize that you need to weigh the balance between outright cost, subscription cost, and security. N

    • CS6 suite was discontinued 7 years ago. Buying the master suite for cs6 after being warned there would be perpetually licensed future upgrades available was a dumb move on your clients part. I know the adobe sales rep tried to talk them out of it but they refused to listen.
    • by guruevi ( 827432 )

      Adobe withdrew all the licenses for older versions of Creative Cloud and the Creative Suite no longer activates since they took down the activation servers.

  • by WindowsStar ( 4692767 ) on Friday October 25, 2019 @06:06PM (#59348532)

    This is why the Cloud is always a BAD idea, and why I hate that every software now-a-days wants you to have an on line account to use the software. Stop forcing us to use the Cloud and you will stop having breaches!!!

    • by sgage ( 109086 )

      I'm so glad I'm retired - no one can force me to use any software! My software resides on my drives, and runs on my computer. Ditto my data. The 'cloud' is an abomination, as far as I'm concerned.

      • Re: The Cloud Bad (Score:3, Interesting)

        by Fluk3 ( 742259 )
        You people do realize that adobe software runs on your hard drive and not âoein the cloudâ, right? Yeah you can sync your files to their cloud drive, but you donâ(TM)t have to (I donâ(TM)t). In that sense, Creative Cloud is a misnomer. Also, you guys realize the creative cloud suite is not just photoshop, right? I love affinity serif as an alternative, but as a professional using most of the adobe suite for print, vector illustration, video and motion graphics, I really canâ(TM
      • Good God, You and me both... I retired in 2010 from 20 years as a Windows/Linux sysadmin, and when I retired, my personal systems were Win7/Ubuntu dualboot. Soon after I retired I decided I was done with anything MS, and killed the Win7 partition. Now, after seeing what a steaming pile of excrement Windows 10 is, and how it blatantly abuses those who are either forced to use it, or don't know any better, I couldn't be happier with my decision... FUCK MICROSOFT (AND ADOBE) (geez that felt good..)

  • by zkiwi34 ( 974563 ) on Friday October 25, 2019 @07:04PM (#59348682)

    âoeCloudsâ are not secure enough, and provide epic possibilities for mayhem.

  • "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams," Bischoff noted. "Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example."

    These people subscribed to a "Cloud Service" so we know already that they are not exactly the sharpest tools in the shed, so it is quite likely that if someone claiming to be from Adobe asked them for something they would hand it over with

  • with a users own software is looking great about now.
    • considering the amount of vulernabilities Adobe software tends to have I doubt you would be any safer unless you use it unplugged from the internet.
  • That is why Libre (free as in freedom) software ought to be considered for workflow. Inkscape (vector editing) here is an example: https://logosbynick.com/profes... [logosbynick.com], Scribus (desktop publishing) here is an example: https://www.scribus.net/manufa... [scribus.net] , Darktable + GIMP (photography) here is an example: https://pixls.us/ [pixls.us] , Blender (for short videos) some tutorials on using Blender as a video editor: https://www.youtube.com/user/M... [youtube.com] , Ardour (for audio editing) here are some examples: https://libremusicproduct [libremusicproduction.com]

Technology is dominated by those who manage what they do not understand.

Working...