An unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users.
Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day.
However, a great deal of information was left exposed, for an indeterminate amount of time, possibly as long as a week, according to Diachenko.
“The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” Adobe said in a statement.