Adobe’s Data Security Breach Was Not Really the Creative Cloud
Adobe’s recent and regrettable data security breach has been getting a lot of headlines, but not always for the right reasons…
Although the sizeable breach has nothing to do in particular with Adobe’s new Creative Cloud offering, it has nonetheless been scapegoated here.
A popular online photography site wrote, “The attack exposes a weakness in the company’s new Creative Cloud subscription model…”
Well, not really.
Adobe Forum posters say things like, “This makes me like Creative Cloud less.”
But in fact, the breach was not only for Creative Cloud customers, but rather for Adobe ID accounts generally – which most customers have for any type of product, including CS6 and earlier, Acrobat, Lightroom, and so on.
Creating such an account is/was required for Creative Suite 6 starting in May 2012. It also happens during product registration and if you want to interact online with Adobe in almost any way.
For any direct software purchase – including CC or CS6 (which still remains available) – Adobe would have your credit card details on file, just like with Apple, Amazon, eBay/PayPal, Dell, Overstock, etc. Adobe should have protected this information better – but fortunately in this case, the company says that data was encrypted and (as of Monday) currently has no indication that there has been unauthorized activity on any Adobe ID account involved in the incident.
Regardless, there are still some recommended precautions:
But bear in mind that having your credit card information stolen is not the same thing as identity theft … For consumers reacting to news about their credit or debit card being compromised, it probably makes more sense to opt for placing fraud alerts and obtaining free copies of your credit report several times annually, as specified by law. And remember that the card associations all have zero-liability policies.
Read Adobe’s Customer Security Alert FAQ.
Obviously, all storing of personal credentials online or use of credit cards anywhere (at any merchant) carries some risk… Credit cards are relatively safe in a home lockbox but that’s not what they were created for. We recommend CreditKarma.com for completely free credit scores and monitoring, any time and all the time.
Finally, all the leading creative tools like Photoshop CC and Illustrator CC remain desktop applications that download and run locally on your computer desktop, not in or over the cloud. These are not web applications or hosted software.
The “cloud” part of Creative Cloud (all the online file storage, sharing, and syncing) is actually handled by Amazon:
Creative Cloud is hosted on Amazon Web Services™ (AWS) in the United States, Europe, and Asia. AWS offers a reliable platform for software services used by thousands of businesses worldwide. AWS provides services in accordance with security best practices and undergoes industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, and SAS 70 Type II. This means that Cloud members benefit from the latest in security practices for stored assets.
So not to make excuses for what transpired here – just to be clear that while the Creative Cloud and this security incident happened close together in time, they are not directly related.