Adobe exposed the data of 7.5 million of its creative-software customers, a person familiar with the matter said, in the latest example of a company leaving consumer information visible on the internet.
Adobe addressed the vulnerability the same day it was discovered, Oct. 19, said the person, who asked not to be identified discussing the breach. The San Jose, California-based software maker said it shut off public access to a database of customer email addresses last week, according to a blog post Friday.
“This issue was not connected to, nor did it affect, the operation of any Adobe core products or services,” the company said in the post. “We are reviewing our development processes to help prevent a similar issue occurring in the future.”
A researcher also found users’ member identifications, subscription status, payment status and whether the user was an Adobe employee, according to the website Comparitech, which first reported on the security lapse. The information didn’t include passwords or any financial information, Adobe said in the post.
Adobe is the market leader in creative software, with products that include the Photoshop, Illustrator, InDesign, and Premiere applications. The current data exposure is far smaller than Adobe’s last one. The company said in 2013 that attackers had stolen user names and encrypted passwords for 38 million customers. Misconfigured corporate systems that accidentally make private information public have contributed to recent high-profile breaches, including the Capital One Financialhack in July.