The database containing the sensitive user info, discovered by security researcher Bob Diachenko and Comparitech, was accessible to anyone through a web browser.

The exposed user data for the nearly 7.5 million accounts included email addresses, the Adobe products they subscribed to, account creation date, subscription and payment status, local timezone, member ID, time of last login, and whether they were an Adobe employee.

Diachenko notified Adobe of the exposed data on October 19, 2019 and within the day Adobe had secured the database. It’s unknown how long the database was vulnerable and whether or not anyone gained access to it, but Diachenko believes it was ‘exposed for about a week.’

Bad behavior by security expert, as such database being widely available to anyone could significantly help the industry to become more healthy - read, make Adobe customers think where it all going and choose alternatives.