Adobe, popular for its products like Photoshop, Illustrator, Fireworks and many more, had data of its nearly 7.5 million Creative Cloud users exposed to the public internet.
When the company opt to use subscription model for its products, users have to have Creative Cloud accounts to obtain license. This makes Adobe's products more affordable, with Adobe more in control. However, this kind of business model involves users data.
And when that data is exposed to the internet, there is no saying what bad actors would do if they get their hands on them.
The leaked database contained users' sensitive information that include email address, account creation data, Adobe products users have subscribed to, subscription and payment status, local timezone, member ID, last login time, and whether or not they are Adobe employees.
This leak that was discovered by security researcher Bob Diachenko and Comparitech, was accessible to anyone through a web browser.
While no passwords or financial information such as credit card numbers were exposed, the data is sensitive enough to cause real problems for Creative Cloud users.
On October 25th, Adobe posted a statement on its Security Update web page:
"Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability."
"The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services."
"We are reviewing our development processes to help prevent a similar issue occurring in the future."
Before Adobe puts its products to the cloud with Creative Cloud, Adobe offered individual products as well as software suites containing several products with a perpetual software license.
This approach was costly for Adobe, and also difficult to maintain.
With the advancements of technology and internet, as well as cloud computing, Adobe started offering Creative Cloud in 2011, where users pay a monthly or annual subscription service to use its products. This approach makes it easier for Adobe to maintain its products.
The most affected however, would be the users.
While the subscription model makes Adobe's products cheaper, the change from perpetual licenses to a subscription model was met with significant criticism. While many investors applauded the move, many customers reacted negatively.
By putting every functionalities inside the cloud, users are left with nothing other than the license itself. In case of disruption for example, users would be left with no access to Adobe's app.
And in this database leak case, it's just another drawback of Adobe's subscription model.
Previously, Adobe also experienced a major data leak in 2013, when hackers managed to main access to 38 million customers' usernames, encrypted passwords, and credit card information.
Adobe's case shows how difficult it is to maintain and secure user data.