Victims lost $29.7 million to phishing scams in 2017, according to a report from the FBI’s Internet Crime Complaint Center. And since millions of email addresses were exposed, the phisher would only need a 0.01% response rate to defraud customer of hundreds of thousands of dollars. If a phisher uses these email addresses to send a convincing looking email claiming to be from Adobe, requesting payment information, it might get access to Adobe users' bank accounts. Phishing refers to the act of sending out a message that pretends to be an official company email in an attempt to bait the victim into revealing their personal information. The fact that no passwords were exposed means that any scammers who might have stumbled upon this treasure trove would have just one scam available to them: Phishing. ZDNet covered the breach and included more details about what exactly was exposed, saying it included “Adobe member IDs (usernames), country of origin, and what Adobe products were using” in addition to email addresses. The data was, according to Adobe, “Creative Cloud customer information, including e-mail addresses,” but not “any passwords or financial information.” We are reviewing our development processes to help prevent a similar issue occurring in the future.” What Information Was Revealed? We promptly shut down the misconfigured environment, addressing the vulnerability. “Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. They reported it to Adobe, and Adobe's security team was able to close the breach that day.Īdobe's team then publicly addressed the breach in a blog post this week: The breach was discovered by researcher Bob Diachenko from Security Discovery and tech journalist Paul Bischoff of CompariTech on October 19. Elasticsearch is a type of database designed for the easy hosting and management of documents and semi-structured data, making it a potential target for an opportunistic scammer. The data was left exposed and not password-protected in an online-accessible Elasticsearch database. In other words, those with an Adobe Creative Cloud subscription should be wary when checking their email, as internet scammers might have access to millions of Adobe user emails. While it's uncertain whether or not these details have actually made it into the public domain, it's healthy to act with a little caution.
The company was quick to address the issue when informed, but not before the details of its users had been exposed. The exposed data didn't include any passwords or financial details, but did include email addresses. Issues are happening across browsers and devices.The private information of almost 7.5 million Adobe Creative Cloud users has been exposed in a new security breach. They do not receive any error (or confirmation), it just doesn't go through. They had 2 Creative Cloud assignments and successfully submitted one but cannot submit the other. We're going back and forth with Adobe support, but so far no resolution.Ī second issue came in this afternoon. The console shows a bunch of cookie expiry errors with "token" at the end of the line.
Other students show an Adobe token in their account settings and this student is missing that token. We're able to login directly to adobe with their district credentials but can not get them into Canvas. Has anyone encountered issues with the Adobe Creative Cloud Express (formerly Adobe Spark) integration? I had a report from a school this morning for a student who is getting stuck in a login loop when they try to open the Adobe assignment in Canvas.