Adobe: Difference between revisions

Line 16:

===Proprietary file formats===

Works created in Adobe software come in Adobe-exclusive file formats such as .psd for Photoshop<ref>{{Cite web |last=Smith |first=Colin |date= |title=Most commonly used file types in Photoshop |url=https://photoshopcafe.com/commonly-used-file-types-photoshop/ |url-status=live |archive-url=https://archive.ph/0ZT6H |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Photoshop CAFE}}</ref><ref>{{Cite web |last=Williams |first=Brendan |date=2023-10-12 |title=File Formats In Photoshop Explained (Complete List) |url=https://www.bwillcreative.com/file-formats-in-photoshop-explained/ |url-status=live |archive-url=https://archive.ph/mTNlg |archive-date=2026~~-01-04~~ |access-date=2025-09-30 |website=Brendan Williams Creative}}</ref> and .indd for InDesign.<ref>{{Cite web |title=Which File Format?: A Guide to INDD, IDML, INX and Everything In-Between |url=https://indesignskills.com/tutorials/open-indesign-files-in-earlier-versions/ |url-status=live |archive-url=https://archive.ph/SumKq |archive-date=2026~~-01-04~~ |access-date=2025-09-30 |website=InDesign Skills}}</ref>

Works created in Adobe software come in Adobe-exclusive file formats such as .psd for Photoshop<ref>{{Cite web |last=Smith |first=Colin |date= |title=Most commonly used file types in Photoshop |url=https://photoshopcafe.com/commonly-used-file-types-photoshop/ |url-status=live |archive-url=https://archive.ph/0ZT6H |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Photoshop CAFE}}</ref><ref>{{Cite web |last=Williams |first=Brendan |date=2023-10-12 |title=File Formats In Photoshop Explained (Complete List) |url=https://www.bwillcreative.com/file-formats-in-photoshop-explained/ |url-status=live |archive-url=https://archive.ph/mTNlg |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Brendan Williams Creative}}</ref> and .indd for InDesign.<ref>{{Cite web |title=Which File Format?: A Guide to INDD, IDML, INX and Everything In-Between |url=https://indesignskills.com/tutorials/open-indesign-files-in-earlier-versions/ |url-status=live |archive-url=https://archive.ph/SumKq |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=InDesign Skills}}</ref>

===Data breaches===

In 2013, Adobe disclosed a data breach affecting approximately 3 million customers. This number was later revised to approximately 38 million. <ref>{{Cite web |last=Finkle |first=Jim |date=29 Oct 2013 |title=Adobe data breach more extensive than previously disclosed |url=https://www.reuters.com/article/technology/adobe-data-breach-more-extensive-than-previously-disclosed-idUSBRE99S1DJ |website=reuters.com/}}</ref> This incident resulted in a $1,000,000 settlement and a commitment to implementing new security policies. <ref>{{Cite web |date=15 Nov 2016 |title=Adobe to Pay $1 Million, Update Security Policies to Resolve Multistate Investigation Into Data Breach |url=https://www.mass.gov/news/adobe-to-pay-1-million-update-security-policies-to-resolve-multistate-investigation-into-data-breach |url-status=live |archive-url=https://archive.ph/nSVpL |archive-date=2026~~-01-04~~ |website=mass.gov}}</ref> In 2019, researchers discovered that Adobe's Elasticsearch database was insecure, potentially exposing the information of approximately 7.5 million users. <ref>{{Cite web |last=Khandelwal |first=Swati |date=26 Oct 2019 |title=Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users |url=https://thehackernews.com/2019/10/adobe-database-leaked.html?utm_source=chatgpt.com |url-status=live |archive-url=https://archive.ph/UfO7n |archive-date=12 Apr 2020}}</ref> Breaches impacting U.S. federal agencies and Adobe Commerce/Magento stores also occurred in 2023 and 2024, respectively. <ref>{{Cite web |date=5 Dec 2023 |title=Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers |url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a |url-status=live |archive-url=https://archive.ph/8g4C3 |archive-date=15 Jan 2024 |website=cisa.gov}}</ref><ref>{{Cite web |last=Sansec Forensics Team |date=1 Oct 2024 |title=Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns |url=https://sansec.io/research/cosmicsting-fallout |url-status=live |archive-url=https://archive.ph/vj2if |archive-date=5 Jan 2026 |website=sansec.io}}</ref>

In 2013, Adobe disclosed a data breach affecting approximately 3 million customers. This number was later revised to approximately 38 million. <ref>{{Cite web |last=Finkle |first=Jim |date=29 Oct 2013 |title=Adobe data breach more extensive than previously disclosed |url=https://www.reuters.com/article/technology/adobe-data-breach-more-extensive-than-previously-disclosed-idUSBRE99S1DJ |website=reuters.com/}}</ref> This incident resulted in a $1,000,000 settlement and a commitment to implementing new security policies. <ref>{{Cite web |date=15 Nov 2016 |title=Adobe to Pay $1 Million, Update Security Policies to Resolve Multistate Investigation Into Data Breach |url=https://www.mass.gov/news/adobe-to-pay-1-million-update-security-policies-to-resolve-multistate-investigation-into-data-breach |url-status=live |archive-url=https://archive.ph/nSVpL |archive-date=5 Jan 2026 |website=mass.gov}}</ref> In 2019, researchers discovered that Adobe's Elasticsearch database was insecure, potentially exposing the information of approximately 7.5 million users. <ref>{{Cite web |last=Khandelwal |first=Swati |date=26 Oct 2019 |title=Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users |url=https://thehackernews.com/2019/10/adobe-database-leaked.html?utm_source=chatgpt.com |url-status=live |archive-url=https://archive.ph/UfO7n |archive-date=12 Apr 2020}}</ref> Breaches impacting U.S. federal agencies and Adobe Commerce/Magento stores also occurred in 2023 and 2024, respectively. <ref>{{Cite web |date=5 Dec 2023 |title=Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers |url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a |url-status=live |archive-url=https://archive.ph/8g4C3 |archive-date=15 Jan 2024 |website=cisa.gov}}</ref><ref>{{Cite web |last=Sansec Forensics Team |date=1 Oct 2024 |title=Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns |url=https://sansec.io/research/cosmicsting-fallout |url-status=live |archive-url=https://archive.ph/vj2if |archive-date=5 Jan 2026 |website=sansec.io}}</ref>

==Incidents==

Line 43:

===User documents forced into the cloud with no opt-out===

Some of Adobe's iPad applications, including, but not limited to, the digital painting application Adobe Fresco<ref>{{Cite web |author=PaulaArtist2 |date=2021-12-13 |title=[How To] Save work locally / work offline |url=https://community.adobe.com/t5/fresco-discussions/how-to-save-work-locally-work-offline/m-p/12390252 |url-status=live |archive-url=https://archive.ph/WreAh |archive-date=2026~~-01-04~~ |access-date=2025-09-22 |website=Adobe Community}}</ref> and the document scanning application Adobe Scan<ref>{{Cite web |last=Tagra |first=Ria |date=2021-06-14 |title=Does Adobe Scan offer a way to not utilize the Adobe Cloud |url=https://community.adobe.com/t5/adobe-scan-discussions/does-adobe-scan-offer-a-way-to-not-utilize-the-adobe-cloud/m-p/12104402 |url-status=live |archive-url=https://archive.ph/cO5G1 |archive-date=2026~~-01-04~~ |access-date=2025-09-22 |website=Adobe Community}}</ref>, require an account to access and do not offer any option to opt out of syncing all documents created in these applications with Adobe's cloud servers. Similarly, the new non-Classic versions of Lightroom are fundamentally built around uploading all images to Adobe's cloud.

Some of Adobe's iPad applications, including, but not limited to, the digital painting application Adobe Fresco<ref>{{Cite web |author=PaulaArtist2 |date=2021-12-13 |title=[How To] Save work locally / work offline |url=https://community.adobe.com/t5/fresco-discussions/how-to-save-work-locally-work-offline/m-p/12390252 |url-status=live |archive-url=https://archive.ph/WreAh |archive-date=5 Jan 2026 |access-date=2025-09-22 |website=Adobe Community}}</ref> and the document scanning application Adobe Scan<ref>{{Cite web |last=Tagra |first=Ria |date=2021-06-14 |title=Does Adobe Scan offer a way to not utilize the Adobe Cloud |url=https://community.adobe.com/t5/adobe-scan-discussions/does-adobe-scan-offer-a-way-to-not-utilize-the-adobe-cloud/m-p/12104402 |url-status=live |archive-url=https://archive.ph/cO5G1 |archive-date=5 Jan 2026 |access-date=2025-09-22 |website=Adobe Community}}</ref>, require an account to access and do not offer any option to opt out of syncing all documents created in these applications with Adobe's cloud servers. Similarly, the new non-Classic versions of Lightroom are fundamentally built around uploading all images to Adobe's cloud.

There is no end-to-end encryption, i.e., Adobe has full access to all of these files. Disabling internet access allows the user to work offline, but any files created in the affected apps will immediately sync to the cloud in the background as soon as the device is connected to a network again.

@@ Line 16: / Line 16: @@
 ===Proprietary file formats===
-Works created in Adobe software come in Adobe-exclusive file formats such as .psd for Photoshop<ref>{{Cite web |last=Smith |first=Colin |date= |title=Most commonly used file types in Photoshop |url=https://photoshopcafe.com/commonly-used-file-types-photoshop/ |url-status=live |archive-url=https://archive.ph/0ZT6H |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Photoshop CAFE}}</ref><ref>{{Cite web |last=Williams |first=Brendan |date=2023-10-12 |title=File Formats In Photoshop Explained (Complete List) |url=https://www.bwillcreative.com/file-formats-in-photoshop-explained/ |url-status=live |archive-url=https://archive.ph/mTNlg |archive-date=2026-01-04 |access-date=2025-09-30 |website=Brendan Williams Creative}}</ref> and .indd for InDesign.<ref>{{Cite web |title=Which File Format?: A Guide to INDD, IDML, INX and Everything In-Between |url=https://indesignskills.com/tutorials/open-indesign-files-in-earlier-versions/ |url-status=live |archive-url=https://archive.ph/SumKq |archive-date=2026-01-04 |access-date=2025-09-30 |website=InDesign Skills}}</ref>
+Works created in Adobe software come in Adobe-exclusive file formats such as .psd for Photoshop<ref>{{Cite web |last=Smith |first=Colin |date= |title=Most commonly used file types in Photoshop |url=https://photoshopcafe.com/commonly-used-file-types-photoshop/ |url-status=live |archive-url=https://archive.ph/0ZT6H |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Photoshop CAFE}}</ref><ref>{{Cite web |last=Williams |first=Brendan |date=2023-10-12 |title=File Formats In Photoshop Explained (Complete List) |url=https://www.bwillcreative.com/file-formats-in-photoshop-explained/ |url-status=live |archive-url=https://archive.ph/mTNlg |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=Brendan Williams Creative}}</ref> and .indd for InDesign.<ref>{{Cite web |title=Which File Format?: A Guide to INDD, IDML, INX and Everything In-Between |url=https://indesignskills.com/tutorials/open-indesign-files-in-earlier-versions/ |url-status=live |archive-url=https://archive.ph/SumKq |archive-date=5 Jan 2026 |access-date=2025-09-30 |website=InDesign Skills}}</ref>
 ===Data breaches===
-In 2013, Adobe disclosed a data breach affecting approximately 3 million customers. This number was later revised to approximately 38 million. <ref>{{Cite web |last=Finkle |first=Jim |date=29 Oct 2013 |title=Adobe data breach more extensive than previously disclosed |url=https://www.reuters.com/article/technology/adobe-data-breach-more-extensive-than-previously-disclosed-idUSBRE99S1DJ |website=reuters.com/}}</ref> This incident resulted in a $1,000,000 settlement and a commitment to implementing new security policies. <ref>{{Cite web |date=15 Nov 2016 |title=Adobe to Pay $1 Million, Update Security Policies to Resolve Multistate Investigation Into Data Breach |url=https://www.mass.gov/news/adobe-to-pay-1-million-update-security-policies-to-resolve-multistate-investigation-into-data-breach |url-status=live |archive-url=https://archive.ph/nSVpL |archive-date=2026-01-04 |website=mass.gov}}</ref> In 2019, researchers discovered that Adobe's Elasticsearch database was insecure, potentially exposing the information of approximately 7.5 million users. <ref>{{Cite web |last=Khandelwal |first=Swati |date=26 Oct 2019 |title=Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users |url=https://thehackernews.com/2019/10/adobe-database-leaked.html?utm_source=chatgpt.com |url-status=live |archive-url=https://archive.ph/UfO7n |archive-date=12 Apr 2020}}</ref> Breaches impacting U.S. federal agencies and Adobe Commerce/Magento stores also occurred in 2023 and 2024, respectively. <ref>{{Cite web |date=5 Dec 2023 |title=Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers |url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a |url-status=live |archive-url=https://archive.ph/8g4C3 |archive-date=15 Jan 2024 |website=cisa.gov}}</ref><ref>{{Cite web |last=Sansec Forensics Team |date=1 Oct 2024 |title=Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns |url=https://sansec.io/research/cosmicsting-fallout |url-status=live |archive-url=https://archive.ph/vj2if |archive-date=5 Jan 2026 |website=sansec.io}}</ref>
+In 2013, Adobe disclosed a data breach affecting approximately 3 million customers. This number was later revised to approximately 38 million. <ref>{{Cite web |last=Finkle |first=Jim |date=29 Oct 2013 |title=Adobe data breach more extensive than previously disclosed |url=https://www.reuters.com/article/technology/adobe-data-breach-more-extensive-than-previously-disclosed-idUSBRE99S1DJ |website=reuters.com/}}</ref> This incident resulted in a $1,000,000 settlement and a commitment to implementing new security policies. <ref>{{Cite web |date=15 Nov 2016 |title=Adobe to Pay $1 Million, Update Security Policies to Resolve Multistate Investigation Into Data Breach |url=https://www.mass.gov/news/adobe-to-pay-1-million-update-security-policies-to-resolve-multistate-investigation-into-data-breach |url-status=live |archive-url=https://archive.ph/nSVpL |archive-date=5 Jan 2026 |website=mass.gov}}</ref> In 2019, researchers discovered that Adobe's Elasticsearch database was insecure, potentially exposing the information of approximately 7.5 million users. <ref>{{Cite web |last=Khandelwal |first=Swati |date=26 Oct 2019 |title=Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users |url=https://thehackernews.com/2019/10/adobe-database-leaked.html?utm_source=chatgpt.com |url-status=live |archive-url=https://archive.ph/UfO7n |archive-date=12 Apr 2020}}</ref> Breaches impacting U.S. federal agencies and Adobe Commerce/Magento stores also occurred in 2023 and 2024, respectively. <ref>{{Cite web |date=5 Dec 2023 |title=Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers |url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a |url-status=live |archive-url=https://archive.ph/8g4C3 |archive-date=15 Jan 2024 |website=cisa.gov}}</ref><ref>{{Cite web |last=Sansec Forensics Team |date=1 Oct 2024 |title=Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns |url=https://sansec.io/research/cosmicsting-fallout |url-status=live |archive-url=https://archive.ph/vj2if |archive-date=5 Jan 2026 |website=sansec.io}}</ref>
 ==Incidents==
@@ Line 43: / Line 43: @@
 ===User documents forced into the cloud with no opt-out===
-Some of Adobe's iPad applications, including, but not limited to, the digital painting application Adobe Fresco<ref>{{Cite web |author=PaulaArtist2 |date=2021-12-13 |title=[How To] Save work locally / work offline |url=https://community.adobe.com/t5/fresco-discussions/how-to-save-work-locally-work-offline/m-p/12390252 |url-status=live |archive-url=https://archive.ph/WreAh |archive-date=2026-01-04 |access-date=2025-09-22 |website=Adobe Community}}</ref> and the document scanning application Adobe Scan<ref>{{Cite web |last=Tagra |first=Ria |date=2021-06-14 |title=Does Adobe Scan offer a way to not utilize the Adobe Cloud |url=https://community.adobe.com/t5/adobe-scan-discussions/does-adobe-scan-offer-a-way-to-not-utilize-the-adobe-cloud/m-p/12104402 |url-status=live |archive-url=https://archive.ph/cO5G1 |archive-date=2026-01-04 |access-date=2025-09-22 |website=Adobe Community}}</ref>, require an account to access and do not offer any option to opt out of syncing all documents created in these applications with Adobe's cloud servers. Similarly, the new non-Classic versions of Lightroom are fundamentally built around uploading all images to Adobe's cloud.
+Some of Adobe's iPad applications, including, but not limited to, the digital painting application Adobe Fresco<ref>{{Cite web |author=PaulaArtist2 |date=2021-12-13 |title=[How To] Save work locally / work offline |url=https://community.adobe.com/t5/fresco-discussions/how-to-save-work-locally-work-offline/m-p/12390252 |url-status=live |archive-url=https://archive.ph/WreAh |archive-date=5 Jan 2026 |access-date=2025-09-22 |website=Adobe Community}}</ref> and the document scanning application Adobe Scan<ref>{{Cite web |last=Tagra |first=Ria |date=2021-06-14 |title=Does Adobe Scan offer a way to not utilize the Adobe Cloud |url=https://community.adobe.com/t5/adobe-scan-discussions/does-adobe-scan-offer-a-way-to-not-utilize-the-adobe-cloud/m-p/12104402 |url-status=live |archive-url=https://archive.ph/cO5G1 |archive-date=5 Jan 2026 |access-date=2025-09-22 |website=Adobe Community}}</ref>, require an account to access and do not offer any option to opt out of syncing all documents created in these applications with Adobe's cloud servers. Similarly, the new non-Classic versions of Lightroom are fundamentally built around uploading all images to Adobe's cloud.
 There is no end-to-end encryption, i.e., Adobe has full access to all of these files. Disabling internet access allows the user to work offline, but any files created in the affected apps will immediately sync to the cloud in the background as soon as the device is connected to a network again.