As per the conversation with the Mashable team and Adobe, they have informed that no financial data or passwords were part of this large scale data breach. Adobe Creative Cloud is used by atleast 15 million people all around the world and is loved by the creative industry globally.
Adobe official statement is as follows –
“At Adobe, we believe transparency with our customers is essential. As such, we wanted to share a security update.
Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.
The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.
We are reviewing our development processes to help prevent a similar issue occurring in the future.”
Earlier this month, security researcher Bob Diachenko worked along with the cybersecurity firm Comparitech to reveal an unsecured Elasticsearch database which belonged to Adobe Creative Cloud subscription service and found out, that was accessible to anyone without any password or authentication.
Adobe was immediately alarmed of this situation.
As mentioned earlier, this data can be used against the users to attack them with Phishing mails. Adobe has made sure that the situation is under control. However, if you get any mail from Adobe asking for password etc, you should immediately get in touch with the support to double-check the authenticity of the mail.
Also, if you have not authenticated the two-step process to login to your account, you should do it on priority to protect your data.