Misconfigured ElasticSearch Database Exposed Almost 7.5 million Adobe Creative Cloud Users’ Records
A misconfigured cloud-based ElasticSearch database has exposed almost 7.5 million Adobe Creative Cloud user records that include email addresses, member IDs, information on installed Adobe products and subscription statuses, and whether or not they are Adobe employees.
The leaky database, which was reported to and secured by Adobe on October 19, was discovered by security researcher Bob Diachenko in partnership with Comparitech.
Adobe Creative Cloud is a subscription-based service that allows users to use Adobe’s creative apps for video, design, photography, and the web.
According to Diachenko, the ElasticSearch database may have been left unsecured for about a week. It is also not known who was able to access the database.
Other information that was left exposed to the public includes the members’ country of origin, account creation date, and time since last login. It should be noted that no sensitive payment information or passwords have been exposed, but the user data that was disclosed may be used to lure victims into phishing scams.
The shared responsibility model for configuring cloud databases
Given that cloud services are offered by service providers that handle the hardware and back-end portions of the cloud, it’s easy to assume that they are also responsible for every aspect of security.
Cloud services allow organizations to focus on innovation rather than infrastructure, but it’s important to note that the different cloud service models come with a set of responsibilities for the user and the cloud service provider. This is what’s called the shared responsibility model of cloud security.
Implementation of certain best practices can strengthen an organization’s cloud security and prevent their data from being publicly exposed:
Get to know your cloud. While cloud services offer convenience, it doesn’t necessarily mean that implementing a cloud workload is a “plug and play” affair. A company’s IT staff should take the time to learn all the settings and permissions of its cloud service and take advantage of any integrated security features. While this might take some time and effort on the part of the IT staff, it is necessary for securing the platform.
Check and modify credentials and permissions. Businesses that are just starting to use the cloud for their operations might assume that default configurations are good enough to prevent their workloads from being compromised. However, default configurations often offer very basic or even nonexistent security. Organizations should thoroughly check their existing credentials and permissions to confirm that access to their workloads is limited to those who should have it. Setting up multi-factor authentication also provides an extra layer of security.
Regularly audit cloud assets to check for signs of misconfiguration. A common mistake organizations make when it comes to their cloud assets is assuming that a properly configured cloud will always remain so. With the number of users accessing the cloud, any change could expose stored assets. For example, an employee may be able to create a new folder that doesn't require security credentials. The organization may not notice misconfigured settings without proper auditing and monitoring.
Implement security measures such as logging and network segmentation. The large number of users accessing the cloud can make it difficult to manage. Many cloud service providers offer logging tools that can help organizations see what is happening in the cloud. These tools can also alert IT staff of any unauthorized access or attack attempts.
Implementing strict user access minimizes the chance of exposed assets and compromised data. For example, human resource personnel should not have access to accounting data, nor should sales teams have access to IT logs. Businesses should consider network segmentation when configuring their cloud, as this minimizes the risks in case they become targets of attacks.
Choose the right security solutions when it comes to cloud security. Businesses looking to maximize their cloud security can also look into solutions that can bolster the integrated security features offered by cloud service providers. The best security solutions are those that can offer a complete package of features that include threat detection, network intrusion prevention, and security management.
The Trend Micro™ Deep Security™ for Cloud solution can provide proactive detection and prevention of threats, while Hybrid Cloud Security offers optimal security for hybrid environments that incorporate physical, virtual, and cloud workloads.
Businesses can also consider Trend Micro Deep Security as a Service, which is a dedicated protection system optimized for AWS, Azure, and VMware. It can help an organization’s IT department by securing servers without the need for any installations. It allows businesses to implement new upgrades without any downtime, and can instantly connect to the cloud and data center resources for proactive security measures.
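The credential check and the regular misconfiguration audit recommended above can be partly automated for a database like the one in this incident. The following is an added example, not code from the original article, Adobe, or Elastic: it assumes a self-managed Elasticsearch node configured through a flat `elasticsearch.yml`, and the `audit` function and sample configurations are constructed for illustration. The article does not say which setting was wrong in the reported case.

```python
# Added example: audit a flat elasticsearch.yml for settings that leave a node
# open to the network. Sample configs below are constructed, not from the incident.
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines (assumption: no nested YAML blocks)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop inline comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_true(settings, key):
    return settings.get(key, "").lower() == "true"

def audit(text):
    """Return a list of (severity, setting, message) findings."""
    s = parse_flat_yaml(text)
    # network.host defaults to loopback when unset; it may also be a list.
    raw_hosts = s.get("network.host", "_local_").strip("[]").split(",")
    hosts = [h.strip().strip("\"'") for h in raw_hosts]
    reachable = any(h not in LOOPBACK for h in hosts)
    findings = []
    # The default for this key differs between major versions, so require it
    # to be set explicitly rather than trusting the default.
    if not is_true(s, "xpack.security.enabled"):
        sev = "HIGH" if reachable else "LOW"
        findings.append((sev, "xpack.security.enabled",
                         "authentication is not explicitly enabled"))
    if reachable and not is_true(s, "xpack.security.http.ssl.enabled"):
        findings.append(("MEDIUM", "xpack.security.http.ssl.enabled",
                         "REST API reachable off-host without TLS"))
    return findings

EXPOSED = "cluster.name: demo\nnetwork.host: 0.0.0.0  # all interfaces\nhttp.port: 9200\n"
HARDENED = ("network.host: _site_\n"
            "xpack.security.enabled: true\n"
            "xpack.security.http.ssl.enabled: true\n")
LOCAL_ONLY = "cluster.name: dev\n"

if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED), ("hardened", HARDENED), ("local", LOCAL_ONLY)]:
        print(name, audit(cfg))
```

The check reads configuration only; cloud firewall or security-group rules that also gate access to the node are outside its scope.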