A lot of data breaches are the work of highly-skilled hackers who use technical know-how to infiltrate a company’s cyber defenses. Others are not so elaborate, such as when a low-level criminal sends a phishing email to a company employee, one that contains a virus purchased on the dark web. While those two malicious scenarios involve different ability levels, there is a whole other possibility for data breaches, that being accidental overexposures. The Adobe account information leak followed a similar scenario.
When a company employee allows information to simply exist in a way that anyone can steal it, it is called an accidental overexposure. Unfortunately, recent news has demonstrated that far too many businesses are storing their sensitive data in cloud-based storage solutions, then failing to secure it.
As the recently announced Adobe Creative Cloud breach, leading to Adobe account information leaked shows, all it takes is uploading a few customers’ login credentials—or in this case, about seven million customers’ data—to a cloud-based storage bucket and then not switching the default setting of “no password required” to a password-protected option.
Security researcher Bob Diachenko and Comparitech discovered the database of emails, usernames and product selections online, available to anyone who stumbled upon it in their web browser. While some estimates show that the database was left exposed for about a week, there is no way of knowing how long it was visible. The experts who found it alerted Adobe, who secured the database that same day after Adobe Account information leaked.
Unfortunately, with such a common occurrence as this, there is really only one recourse consumers have. It is imperative that all tech users rely on strong, unique passwords for all of their online accounts, and that they change these passwords regularly. That way, if a database is left exposed and a nefarious actor discovers it, the password contained in the database will be useless because it is outdated.
Also, as the information contained in this breach event shows, learning how to spot spam and phishing emails is another way to protect yourself. With limited information such as this, scammers can easily send users emails that masquerade as communications from Adobe, even going so far as to list the exact products the recipients use. Be alert to this kind of tactic, and know how to protect yourself from emailed threats.
You might also like…