Adobe exposed the data of 7.5 million of its creative software customers, a person familiar with the matter said, in the latest example of a company leaving consumer information visible on the Internet.
Adobe addressed the vulnerability the same day it was discovered — 19 October — said the person, who asked not to be identified discussing the breach. The San Jose, California-based software maker said it shut off public access to a database of customer e-mail addresses last week, according to a blog post on Friday.
“This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” the company said in the post. “We are reviewing our development processes to help prevent a similar issue occurring in the future.”
A researcher also found users’ member identifications, subscription status, payment status and whether the user was an Adobe employee, according to the website Comparitech, which first reported on the security lapse. The information didn’t include passwords or any financial information, Adobe said in the post.
Adobe is the market leader in creative software, with products that include the Photoshop, Illustrator, InDesign and Premiere applications. The current data exposure is far smaller than Adobe’s last one. The company said in 2013 that attackers had stolen usernames and encrypted passwords for 38 million customers. Misconfigured corporate systems that accidentally make private information public have contributed to recent high-profile breaches, including the Capital One Financial hack in July. — Reported by Nico Grant, (c) 2019 Bloomberg LP