back to article Time to check who left their database open and leaked 7.5m customer records: Hi there, Adobe Creative Cloud!

Adobe has pulled offline a public-facing poorly secured Elasticsearch database containing information on 7.5 million Creative Cloud customers. The cloud-based silo was uncovered by infosec detective Bob Diachenko, who reported it to Adobe last week. The exposed records include email addresses, account creation dates, details …

  1. GnuTzu Silver badge
    Alert

    Oh Crap!

    This is scary. They market this stuff to every business in the World. Can you imagine how bad this is going to get? No one-year free LifeLock account is going to clean up when this crap really hits the fan--because this is a World-sized fan.

    1. GnuTzu Silver badge
      Mushroom

      Re: Oh Crap!

      P.S. Make the bastards testify before Congress!!!

      1. robidy

        Re: Oh Crap!

        Yeah, I mean, it's not like they also lost well over 100 million account passwords in 2013 (based on the stolen data...though Adobe PR insisted it was only 38 million...apparently until someone gave them a copy).

  2. Bite my finger
    Meh

    What price Photoshop?

    I kicked Adobe to the curb as soon as I got a belly full of their then-new pay-for-play system. Never been sorry since, and this data-breach story gives me a warm glow of smug satisfaction. Won't save me from all the other breaches tho, oy...

    1. ds6 Bronze badge

      Re: What price Photoshop?

      Wish we would have when they killed off Device Licenses, and for three months did not offer an alternative; meaning no CC for our clients in the labs, despite the fact that materials had already been updated for it. Imagine how many schools were thrown out of whack when their device licenses just stopped working.

    2. Reginald Onway

      Re: What price Photoshop?

      I have an ancient stand alone copy of Photoshop that does what I need to do without selling my soul to rentier capitalists. I found a hack that keeps it from phoning home all the time.

      Did Adobe really lose the account data, or sell it on the sly? With Adobe nobody knows. They are about as trustworthy as Mr. Z and FB.

    3. Ruisert

      Re: What price Photoshop?

      And frankly, there are open-source versions of almost everything they produce. Photoshop? I have GIMP. Lightroom? I'm still using a 5.something version, works well enough for my needs, until it doesn't. Then it's a quick internet search away for an open source product that will.

  3. karlkarl Bronze badge

    Only amateurs use cloud editing software

    So no real business or professional details have been leaked.

    1. GnuTzu Silver badge
      Mushroom

      Re: Only amateurs use cloud editing software

      Sorry to break the news to you. Adobe is big enough to be one of those that are the most expert at being business brain-washers.

      They, along with Microsoft, Amazon, and Google, have marketing teams that are like the Priors of Ori. They can convince most any purchasing/acquisitions department that they have all the certifications that they need, and the buyers have no need to check with the IT department for feasibility or the security department for security review. Instead, they get buyer to commit the money and sign the contract without any of that stuff--and then, because the money is already committed and they can't back out of the contract, ram their fricken evil products down IT and InfoSec's throats with a pile driver. They back us into a corner and say thinks like "we've already paid for it"; "make it work or we'll ruin your career."

      I've seen it! This crap is real! Sorry, we are so seriously frickin doomed, just as so many planets visited by the Priors of Ori.

      1. Bite my finger

        Re: Only amateurs use cloud editing software

        > "...we are so seriously frickin doomed..."

        You mean you didn't already know that?!

      2. ecofeco Silver badge

        Re: Only amateurs use cloud editing software

        Been this way for decades. Where have you been?

        As for doomed? Yeah, the DOD just chose MS for their JEDI project. We are FUBAR'd.

      3. Charlie van Becelaere
        Thumb Up

        Re: Only amateurs use cloud editing software

        Thumbs up for the Stargate reference!

    2. LDS Silver badge

      Re: Only amateurs use cloud editing software

      Only the download and subscriptions checks are in the cloud. Applications still install and run locally. So the name is mostly a marketing gimmick.

      If you want you can store your images in the cloud, but it's not mandatory yet.

      Adobe wants more of your money, and more of your data, so it needs to keep people using its products.

      1. Gene Cash Silver badge

        Re: Only amateurs use cloud editing software

        Only the download and subscriptions checks are in the cloud

        Yup. Meaning the applications "installed and running locally" tell you to piss off when your network connection is down and it can't contact the Adobe license server. So it's "network's down? artists are down"

        1. LDS Silver badge

          Re: Only amateurs use cloud editing software

          The check is not done at every run, so if you're lucky you can work even when not connected. But as Venezuelans find out, your applications can be made non-working directly from Adobe.

          Anyway as long as people think it's good using G Suite and the like, Adobe knows there are enough people to get money from, especially as long as it has very little competition for medium and high-end needs.

  4. mark l 2 Silver badge

    Adobe really are a bunch of amateurs playing at being a software company. They consistently push out buggy and insecure code and now leave millions of client details wide open for everyone to see.

    1. GnuTzu Silver badge

      Hey, look at the document standards they've created. Somehow people think they must be geniuses. Well, as financial geniuses, they can recognize that they can use their publicly recognized standards as badges of merit--and don't have to hire anyone that can frikin' code. How's that for a profit motive?

      And, BTW, PDF files are crap. They're based on a printer format and have no meaningful structure. I'd bother to look to see if there are any tools to convert them back into something meaningful, though that would be kludgy bit of hit or miss if such a thing could work at all. So, I avoid them like the plague.

      1. Anonymous Coward
        Anonymous Coward

        You’re mixed up. It’s ok to be mad at Adobe, I am too, but your rant about PDF is somewhat pointless.

        PDF is global standard and it has a purpose present a document as it looks in its final print form, on any OS or device. There’s huge advantages in that.

        And yes, there are PDF editors and converters available. Typically the more expensive ones do a far better job.

        1. Lee D Silver badge

          PDF is just Postscript with knobs on.

          The day they introduced Javascript into it, it went downhill.

          It's useful, cross-platform, standardised, etc. but it's not a miracle by any means.

    2. John Brown (no body) Silver badge

      "Adobe really are a bunch of amateurs playing at being a software company. They consistently push out buggy and insecure code and now leave millions of client details wide open for everyone to see."

      I think if I was a black hat, I'd be culling that data for all the Venezuelan email address I could find and sending of phishing emails along the lines of "Dear Sir, despite the US embargo on trade with your fine country, we have found a loophole that allows us to re-enable your account. Just log-in at this link and provide your details so we can take a special addition payment."

    3. Carpet Deal 'em Bronze badge

      The only reason Adobe makes software is because you can't have security holes without it.

    4. sbt Silver badge
      Pirate

      Adobe really are a bunch of amateurs

      I particularly enjoyed the one where a licensing screw up meant they had to make the CS2 versions available for download without checks. It was nice to upgrade from Elements 3.0.

    5. Steve Davies 3 Silver badge

      re: Adobe and buggy code

      So they are really no different from any of the usual suspects that get mentioned here on a regular basis...

      That's how it is today. Release and be dammed.

  5. hatti

    The A Team

    Sounds like a job for Dido Harding ( cough - Talk Talk - cough )

    1. Anonymous Coward
      Anonymous Coward

      Re: The A Team

      I'm not sure Dido Harding would fit in.

      And yes, I'm aware of her time at TalkTalk, but TalkTalk were cheap and cheerful, Adobe is more "that will cost you $$$ for what you have already paid for and please include the price of one bullet" before promptly shooting one of your relatives...

  6. Lorribot

    I hope the EU hammer them big time for the Data Breach, given how hard Adobe are when it comes to licencing audits, this is one security audit major fail.

    A top level fine of 4% of global turnover may just make them and the other American multinationals actually take notice at last that they need to get serious about privacy.

    Unfortunately they will still be able to ignore the UK government and any fines it imposes, like Facebook did, when Brexit eventually happens.

    1. Wade Burchette Silver badge

      What really needs to happen is the CEO needs to be fined. If you make the boss pay a fine for junk like this I guarantee you it will be fixed and fast.

      1. Charles 9 Silver badge

        No, it'll be cheaper and easier for them to just pass it down. What you need is a solution where passing it down or even changing the rules isn't worth it versus simply complying completely.

  7. Anonymous Coward
    Anonymous Coward

    How's that idiom go...

    Fool me once, shame of you,

    Fool me twice, shame on me.

    1. Wade Burchette Silver badge

      Re: How's that idiom go...

      Fool me one hundred times, I must be Adobe.

      1. Lee D Silver badge

        Re: How's that idiom go...

        Or Oracle

    2. Anonymous Coward
      Anonymous Coward

      Re: How's that idiom go...

      They were probably thinking of the other version:

      Fool me once, shame on...shame on you. Fool me — you can't get fooled again.

      - President Bush.

      Only in Adobe's world, they did get fooled. Time and time again.

  8. CountCadaver Bronze badge

    Adobe breach #2

    sure adobe had a previous breach not that long ago either....

    Yep they did

    "Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced.

    Compromised data: Email addresses, Password hints, Passwords, Usernames"

    From https://haveibeenpwned.com/

    Think they would have learned by now?

    1. indigomm

      Re: Adobe breach #2

      Had the same thought - how can anyone have forgotten the other breach? Their line about 'learning' from this is just rubbish - they obviously haven't put in place any new security since the last breach, and don't give a toss about security.

      Fortunately we only licence Adobe products to receive files from other parties. Will now start looking if we even need to do that.

      1. CountCadaver Bronze badge

        Re: Adobe breach #2

        Suggest if your not using all the features of photoshop and just opening them then there are a myriad of options

        Serif Affinity Photo isn't bad, it does a lot and seems quite "photoshop" like and might cover editing needs, price ain;t bad either....

  9. steviebuk Silver badge

    Bollocks

    Another reason i hate forced to the cloud monthly subs. Bring back the days of being able to buy Dreamweaver once and use it for years without upgrading.

  10. adam payne Silver badge

    "We are reviewing our development processes to help prevent a similar issue occurring in the future," Adobe said of the exposure.

    I'm sure you said something similar the last time.

  11. holmegm Bronze badge

    Why??

    Why is it so easy to do this? Why would you *ever* want a database to be world readable?

    Surely wanting the database to be world readable is such an edge case that it should be at the very least *difficult* to do ... so why is it so dang easy? (As it clearly must be, with all these examples?)

  12. LeahroyNake Silver badge

    7.5M

    Thats 7'500'000.

    Or

    Less that the population of Turkey

    Or

    more than the population of France

    I just think it looks a lot worse showing it that way.

    I have another number. 0

    The chance of me ever buying an Abobe cloud subscription.... And you can take that to the bank!

    1. IGotOut
      WTF?

      Re: 7.5M

      Errr not sure which France you are on about, but the current European one has almost 70 million people.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019