Full Report
Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. [...]
Analysis Summary
# Incident Report: Adobe Analytics Ingestion Bug Data Leak
## Executive Summary
An ingestion bug in Adobe Analytics, introduced during a performance optimization change, caused customer tracking data to be incorrectly written into the analytics instances of other tenants for approximately one day. This resulted in the inadvertent exposure of tracking data, potentially including sensitive information like email addresses, across affected customers' systems and downstream environments. Adobe mitigated the issue by reverting the faulty change and instructed all affected customers to immediately purge the corrupted data from their environments.
## Incident Details
- Discovery Date: September 17, 2025, 12:20 UTC (When disruption began/data started appearing)
- Incident Date: September 17, 2025, 12:20 UTC to September 18, 2025, 11:00 UTC
- Affected Organization: Adobe Analytics customers globally
- Sector: Software/Technology (Data Analytics Platform)
- Geography: Global
## Timeline of Events
### Initial Access
- Date/Time: September 17, 2025, 12:20 UTC
- Vector: Configuration/Software Bug introduced via a performance optimization change to the Analytics Edge data collection service.
- Details: A bug caused "errant values" where data streams from some organizations were written (overwritten) into the data instances of other customers.
### Lateral Movement
This was not an intrusion or malicious activity; the issue was an internal data corruption/misrouting within the Adobe platform affecting data pipelines (Data Feeds, Live Stream, Reporting).
### Data Exfiltration/Impact
- Impact: Approximately 3–5% of collected data was corrupted. Sensitive tracking data from one customer (e.g., email addresses, session hashes, on-site search data) appeared in reports and data feeds belonging to other customers. This data was embedded into downstream systems, backups, and BI tools.
### Detection & Response
- Detection: Adobe acknowledged the issue on its status page starting September 17, 2025.
- Response Actions: Adobe reverted the performance optimization change that introduced the bug on September 18, 2025, at 11:00 UTC. Customers were immediately instructed via advisory to delete or purge all data received during the impact window from all systems, including backups and downstream environments.
## Attack Methodology
- Initial Access: N/A (Internal platform configuration error, not external attack)
- Persistence: N/A
- Privilege Escalation: N/A
- Defense Evasion: N/A
- Credential Access: N/A
- Discovery: N/A
- Lateral Movement: N/A (Internal data flow bug)
- Collection: N/A
- Exfiltration: N/A (Inadvertent data exposure across tenants)
- Impact: Data corruption and cross-tenant data visibility due to ingestion error.
## Impact Assessment
- Financial: Not disclosed; costs are expected for clean-up, data purging, audits, and potential regulatory fines.
- Data Breach: Tracking data from 3–5% of records was potentially exposed to other Adobe tenants, including potentially sensitive information like email addresses and user session data, depending on customer implementation practices.
- Operational: Disruption to reporting, Data Feeds, Live Stream, and downstream Business Intelligence systems requiring immediate cessation of data usage.
- Reputational: Significant reputational damage to Adobe due to the exposure of customer PII/tracking data across client boundaries.
## Indicators of Compromise
As this was an infrastructure bug and not a malicious intrusion, traditional IoCs do not apply.
- **Network indicators:** N/A (Internal system malfunction)
- **File indicators:** N/A (Data corruption within platform storage)
- **Behavioral indicators:** Unnatural data overwrite patterns observed in Analysis Workspace reports and Data Feeds during the incident window.
## Response Actions
- **Containment measures:** The faulty performance optimization change was identified and reverted on September 18, 2025, stopping further erroneous data ingestion.
- **Eradication steps:** Customers were mandated to delete/purge all data received between 12:20 UTC on Sept 17 and 11:00 UTC on Sept 18 from all systems and backups.
- **Recovery actions:** Adobe is working to cleanse impacted datasets on its side before validating that the platform is fit for safe reporting again.
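
For the eradication step above, downstream copies (warehouse tables, BI extracts, backups) have to be triaged against the impact window in UTC, whatever offset each system stored. The sketch below is an added example, not Adobe's or any customer's tooling; the record layout and the field names `id` and `received_at` are assumptions, and the sample rows are constructed.

```python
from datetime import datetime, timezone

# Impact window as stated in the report (UTC). Treating both ends as
# inclusive is a conservative assumption made for this example.
WINDOW_START = datetime(2025, 9, 17, 12, 20, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 9, 18, 11, 0, tzinfo=timezone.utc)

def to_utc(stamp):
    """Parse an ISO 8601 timestamp; return an aware UTC datetime or None."""
    try:
        parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None  # missing or unparseable value
    if parsed.tzinfo is None:
        return None  # naive time cannot be placed against a UTC window
    return parsed.astimezone(timezone.utc)

def triage(records, ts_field="received_at"):
    """Split records into purge / keep / review by the impact window."""
    result = {"purge": [], "keep": [], "review": []}
    for rec in records:
        when = to_utc(rec.get(ts_field))
        if when is None:
            result["review"].append(rec)  # needs a human decision
        elif WINDOW_START <= when <= WINDOW_END:
            result["purge"].append(rec)
        else:
            result["keep"].append(rec)
    return result

# Constructed sample rows (hypothetical downstream export).
SAMPLE = [
    {"id": 1, "received_at": "2025-09-17T12:19:59Z"},       # just before
    {"id": 2, "received_at": "2025-09-17T12:20:00Z"},       # window start
    {"id": 3, "received_at": "2025-09-17T08:30:00-04:00"},  # 12:30 UTC
    {"id": 4, "received_at": "2025-09-18T19:45:00+09:00"},  # 10:45 UTC
    {"id": 5, "received_at": "2025-09-18T11:00:01Z"},       # just after
    {"id": 6, "received_at": "2025-09-18 09:00:00"},        # no offset
    {"id": 7},                                              # no timestamp
]

if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE).items():
        print(bucket, [r["id"] for r in rows])
```

Rows 3 and 4 show why comparing local wall-clock strings is unsafe: both look outside the window until normalized to UTC. Rows without a usable offset go to review rather than being silently kept.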
## Lessons Learned
- Change management controls for performance optimizations in core data ingestion pipelines must include stringent cross-tenant data validation, even in multi-tenant environments.
- Reliance on downstream systems (BI tools, backups) means remediation must often extend beyond the primary platform, increasing complexity and risk of failure during recovery.
- Even when providers state they do not collect PII, customer implementations may inadvertently pass sensitive information into tracking fields, resulting in severe implications under regulations like GDPR/CPPA when exposed.
## Recommendations
- Implement automated, real-time drift detection specifically looking for unexpected cross-tenant data patterns or overwrites within data processing layers.
- Establish robust data retention policies that allow for rapid, verifiable purging of corrupt data across *all* integrated systems, not just the primary source.
- Conduct immediate audits across all tenants who used Data Feeds/Live Stream during the incident window to confirm complete purging of tainted data.