![adobe database leak adobe database leak](https://www.wizcase.com/wp-content/uploads/2021/05/Millions-of-Users-data-Exposed-in-Mobile-Game-Database-Leak.jpg)
This starts with following best practices for configuration, something that is widely available for each platform, as well as implementing data-centric security to protect and deidentify data – something that is designed to be analytics friendly and strongly protects the data regardless of what it is stored in, who has possession of it, or whether the system or perimeter is compromised,” he said.Īnurag Kahol, CTO at Bitglass, said that there are tools designed to detect abusable misconfigurations within IT assets like Elasticsearch databases – meaning it doesn’t take much effort for outsiders to find unsecured databases. “Instead of remaining sanguine, it’s time for organisations to face reality and act to secure their data. Recently, after an ElasticSearch database containing personal details of nearly 72,000 users of online dating app Heyyo was found exposed on the Internet, Warren Poschman, senior solutions architect at comforte AG, told TEISS that unsecured or misconfigured NoSQL instances continue to be prevalent as the virtual low-hanging fruit for cyber criminals. “Organisations need to constantly audit cloud services and control access and protect authentication and authorisation using a combination of Privileged Access Management and MFA,” he added.
![adobe database leak adobe database leak](https://www.cnet.com/a/img/udqI0jFsBs1sDof-ztN4AsqfGBc=/1200x675/2011/10/07/d92d48e2-f0e3-11e2-8c7c-d4ae52e62bcc/Privacy2.jpg)
Too many individuals have too much access to too many cloud services and organisations are struggling to maintain controls. Companies need to follow best practices for configuration to prevent exposuresĬommenting about the ElasticSearch database exposure, Stuart Sharp, VP of solution engineering at OneLogin, said that the incident illustrates the lack of controls that organisations have for controlling access to cloud services and the data they hold. People across the world have to subscribe to the Adobe Creative Cloud service in order to use a range of Adobe products such as Photoshop, Lightroom, Lightroom Classic, Illustrator, InDesign, Premiere Pro, Audition, After Effects, and others. We are reviewing our development processes to help prevent a similar issue occurring in the future,” the company said. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services. “The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. We promptly shut down the misconfigured environment, addressing the vulnerability. “Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords,” said Comparitech, adding that since the data did not include payment information or passwords, the exposure did not pose a direct financial or security threat to users.Īdobe issued a press release on Friday to inform its community about the cyber incident, stating that the exposure did not impact any Adobe core products or services. “The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams.
![adobe database leak adobe database leak](https://willdrevo.com/public/img/posts/leaks-post/top_10_leaks_count.png)
Exposed data could allow hackers to carry out phishing campaigns Data records in the database included email addresses, member IDs, country of origin, whether the user is an Adobe employee, which Adobe products a user has subscribed to, account creation date, payment status, subscription status, and time since last login. Information stored in the ElasticSearch database was, according to Comparitech, exposed for about a week before it was discovered. The exposed cloud database containing data records of Adobe Creative Cloud users was discovered by security researcher Bob Diachenko on 19 October and was secured on the same day by Adobe after the company was informed about the exposure. Security researchers recently discovered an unprotected ElasticSearch database that contained nearly 7.5 million data records belonging to users of Adobe Creative Cloud and could be accessed by anyone with an Internet connection.