Check your accounts: Leaked database leaves 7.5 million people open to phishing

There’s another massive data leak consumers need to watch out for — and hackers aren’t to blame for this one. The leak involves a popular software suite used by both individuals and companies.

That data leak is the result of a security failure that allowed millions of records to be exposed.

It’s estimated 7.5 million people are affected by the leak, which exposed very sensitive information. That leaves customers and their companies open to sophisticated phishing scams aimed at getting more information and money from account holders.

Company’s carelessness makes users targets

Adobe Creative Cloud accidentally exposed a collection of sensitive data. Adobe Creative Cloud gives users access to Photoshop, Illustrator, After Effects, InDesign, Premiere and more — programs used across creative industries. The pro-consumer website Comparitech was the first to break news of the leak.

Top cybersecurity expert and data-breach hunter Bob Diachenko uncovered the breach on Oct. 19. The data leak exposed:

  • Email addresses
  • Account creation dates
  • Which Adobe products people use
  • Subscription status
  • Whether the user is an Adobe employee
  • Member IDs
  • Country
  • Time since last login
  • Payment status

Comparitech reported Adobe acted quickly to secure the exposed data the same day it was notified about the security failure. In addition, Adobe stressed the leak did not include any passwords or financial information and did not affect “the operation of any Adobe core products or services.”

What remains unknown is whether any of the information made its way into the hands of hackers before Adobe was able to secure the exposed data.

Phishing time for hackers

If hackers did get their hands on the data, it’s likely to lead to spear phishing. Unlike regular phishing, which casts a wide and unsophisticated net, spear phishing targets a particular group and deploys hard-to-detect techniques.

For example, the emails look very professional, seem to come from a person within the company — even the CEO — and contain links that lead to spoofed sites closely mimicking the company’s actual site. From the spoofed site, hackers can capture even more information from account holders, such as login IDs and passwords.

To avoid getting caught up in a spear-phishing scam, Komando.com offers these tips:

  • Check incoming email addresses carefully, especially when they demand financial transactions. Even a single missing character could be the difference between a real email and a fake one.
  • Look for recurring subject lines like “Request,” “Follow-up,” “Urgent/Important,” “Are you available?/Are you at your desk?” and others.
  • Verify messages from your boss requesting money transfers, gift card purchases and any request involving sensitive company information. Go see them in person or call them.
  • Don’t click on web links or attachments in any suspicious emails.
  • IT must make sure employees are aware of these types of attacks and implement proper training.
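
The first two tips can be partly automated. The following is an added example, not code from Komando.com or Adobe: a Python check that flags sender domains within two character edits of a trusted domain, display names that show a trusted domain the real address lacks, and the subject lines listed above. The domain `example.com`, the two-edit threshold and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the organization's real sending domains (placeholder value).
TRUSTED_DOMAINS = {"example.com"}
# Subject lines the article lists as recurring in these scams.
SUBJECT_PATTERNS = re.compile(
    r"^\s*((re|fwd?):\s*)*(request|follow[- ]?up|urgent|important|"
    r"are you available\??|are you at your desk\??)\b",
    re.IGNORECASE,
)
# Constructed sample headers (From, Subject); not real messages.
SAMPLES = [
    ('"Jane Doe" <jane.doe@exampl.com>', "Are you at your desk?"),
    ('"ceo@example.com" <ceo.office@mail-relay.test>', "Invoice 4471"),
    ('"Jane Doe" <jane.doe@example.com>', "Quarterly report"),
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_message(from_header: str, subject: str, trusted=TRUSTED_DOMAINS) -> list[str]:
    """Return the reasons a message deserves a second look (empty list = none)."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain not in trusted:
        # A near miss of a trusted domain is the "single missing character" case.
        near = [t for t in trusted if 0 < edit_distance(domain, t) <= 2]
        if near:
            findings.append(f"lookalike domain: {domain} resembles {near[0]}")
        # The display name shows a trusted domain but the real address is elsewhere.
        if any(t in display.lower() for t in trusted):
            findings.append("display name shows a trusted domain, address does not")
    if SUBJECT_PATTERNS.search(subject):
        findings.append("subject matches a listed scam pattern")
    return findings
```

A flagged message is a candidate for the in-person or phone verification described in the tips, not proof of fraud; legitimate mail can also carry subjects such as “Request.”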

A recent study by the Better Business Bureau (BBB), “Is That Email Really From ‘The Boss?’ The Explosion of Business Email Compromise (BEC) Scams,” shows how prevalent and bold these spear-phishing scams are becoming.

The study found spear-phishing scams have cost businesses and other organizations more than $3 billion since 2016.

According to the FBI, there are at least six types of BEC or email account compromise fraud:

  1. The “CEO” asking the CFO to wire money to someone.
  2. A vendor or supplier requesting a change in invoice payment.
  3. Executives requesting copies of employee tax information.
  4. Senior employees asking to have their pay deposited into a new bank account.
  5. An employer or clergy asking the email recipients to buy gift cards on their behalf.
  6. A realtor or title company redirecting proceeds from a sale into a new account.

Payroll scams, in particular, are spreading rapidly.
