Executive Summary
In September 2025, an ingestion bug in Adobe Analytics caused cross-tenant data exposure, allowing customer tracking data from some organizations to appear in the analytics reports of others for nearly a day. The incident began on September 17 due to a performance optimization update that led to incorrect data values surfacing in Analysis Workspace reports. Approximately 3-5% of collected data—across Data Feeds, Live Stream, and scheduled reports—was impacted, with some fields being overwritten by data from other tenants. Adobe promptly reverted the change on September 18 and undertook remediation to cleanse datasets, advising customers to purge affected data from systems and backups to prevent further exposure.
This incident underscores the risk posed by inadvertent data exposure within multi-tenant SaaS platforms and the criticality of robust data segregation and validation controls. With regulatory scrutiny over data privacy at an all-time high, such events illustrate how operational changes, even absent malicious intent, can have significant compliance and business ramifications for all affected customers.
Why This Matters Now
Incidents like this highlight the growing complexity and risk of SaaS environments, where a single code change can inadvertently compromise sensitive business data across organizations. As regulatory requirements around data protection intensify, timely detection, containment, and remediation of cross-tenant data leaks are essential to maintain customer trust and avoid legal repercussions.
Attack Path Analysis
A software bug in Adobe Analytics' data ingestion layer led to accidental data exposure between tenants, with no evidence of malicious external compromise. No attacker escalated privileges or moved laterally; the core failure was cross-tenant data corruption, but the event can still be mapped onto the kill chain to trace the data exposure lifecycle. The misconfiguration enabled unfiltered lateral data flow, resulting in unauthorized information propagation and impact on downstream systems and backups. Zero Trust and segmentation controls could have detected or contained such errant data propagation.
Kill Chain Progression
Initial Compromise
Description
A performance optimization change introduced a flawed configuration in the Analytics data ingestion pipeline, allowing data from one customer to be ingested by another's workspace.
Related CVEs
CVE-2025-54236
CVSS 9.1
An improper input validation vulnerability in Adobe Commerce and Magento Open Source allows unauthenticated attackers to hijack customer sessions via the Commerce REST API.
Affected Products:
Adobe Commerce – 2.4.3, 2.4.4, 2.4.5
Adobe Magento Open Source – 2.4.3, 2.4.4, 2.4.5
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Data Leak
Data Manipulation: Stored Data Manipulation
Account Discovery: Domain Account
Transfer Data to Cloud Account
Service Configuration Permissions Weakness
System Shutdown/Reboot
Resource Hijacking
Multi-Tenancy Data Exposure
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Data Retention and Disposal
Control ID: 12.3.1
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA – ICT Risk Management Requirements
Control ID: Article 11
CISA ZTMM 2.0 – Data Segmentation and Isolation
Control ID: Data Pillar—Data Security: Segmentation
NIS2 Directive – Supply Chain Security and Data Protection
Control ID: Article 21(2)(b)
GDPR – Security of Processing
Control ID: Article 32
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Marketing/Advertising/Sales
Adobe Analytics data cross-contamination exposed customer tracking data including email addresses, search queries, and behavioral patterns to competitor organizations, violating privacy regulations.
E-Learning
Educational platforms using Adobe Analytics for student behavior tracking faced potential GDPR violations as learner data leaked to other tenants' systems.
Health Care / Life Sciences
Healthcare organizations tracking patient website interactions suffered HIPAA compliance breaches when sensitive health-related browsing data crossed tenant boundaries in Analytics.
Financial Services
Banks and financial institutions experienced regulatory exposure as customer journey analytics data including session hashes and transaction patterns leaked cross-tenant.
Sources
- Adobe Analytics bug leaked customer tracking data to other tenants: https://www.bleepingcomputer.com/news/security/adobe-analytics-bug-leaked-customer-tracking-data-to-other-tenants/ (Verified)
- Adobe's Analytics upgrade error shared customer usage data with the wrong companies – global impact, Australian customers still unpacking the cost: https://www.mi-3.com.au/29-09-2025/global-adobe-analytics-upgrade-shared-customer-data-wrong-companies (Verified)
- Adobe Analytics Data Leak: Architectural Failure Exposes Cross-Tenant Data: https://redteamnews.com/threat-intelligence/data-breach/adobe-analytics-data-leak-architectural-failure-exposes-cross-tenant-data/ (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
The incident highlights the necessity of Zero Trust segmentation, robust east-west data flow controls, and comprehensive visibility to prevent and detect unintended data exposure between tenants. CNSF-aligned controls could have enforced boundaries, monitored anomalous data flows, and restricted propagation of errant data, minimizing impact.
Control: Zero Trust Segmentation
Mitigation: Unauthorized cross-tenant data forwarding is blocked.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Cross-tenant privilege escalation attempts detected and remediated.
Control: East-West Traffic Security
Mitigation: Anomalous internal flows flagged before widespread propagation.
Control: Multicloud Visibility & Control
Mitigation: Real-time detection of unusual API and data transfer patterns across the SaaS fabric.
Control: Egress Security & Policy Enforcement
Mitigation: Inappropriate outbound data flows are blocked or alerted.
Rapid identification and incident response process triggered for uncharacteristic data events.
Impact at a Glance
Affected Business Functions
- Data Analysis
- Customer Insights
- Marketing Reporting
Estimated downtime: 2 days
Estimated loss: $500,000
Approximately 3–5% of collected data was impacted, with corrupted rows found within Data Feeds, Live Stream, scheduled reports, and other integrations. This may have included sensitive customer information inadvertently exposed to other organizations.
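An added example, not from Adobe or the original page: a triage pass over a tab-separated Data Feed export that lists rows collected during the September 17-18 window whose page URL host is not one of the tenant's own domains, as candidates for the purge review described above. The column names (`hit_id`, `date_time`, `page_url`), the domain list and the sample rows are constructed assumptions; the page does not say which fields were overwritten.

```python
import csv
import io
from datetime import datetime
from urllib.parse import urlsplit

# Incident window from the page: change shipped 17 Sep 2025, reverted 18 Sep 2025.
# The page gives dates only, so whole days are assumed here.
WINDOW_START = datetime(2025, 9, 17, 0, 0, 0)
WINDOW_END = datetime(2025, 9, 18, 23, 59, 59)

# Assumption: domains this tenant actually instruments (constructed values).
OWN_DOMAINS = {"example.com"}

# Constructed sample export; column names are assumptions about the local schema.
SAMPLE_FEED = (
    "hit_id\tdate_time\tpage_url\n"
    "1001\t2025-09-16 22:10:05\thttps://shop.example.com/cart\n"
    "1002\t2025-09-17 09:15:00\thttps://shop.example.com/checkout\n"
    "1003\t2025-09-17 09:15:02\thttps://portal.other-tenant.test/login\n"
    "1004\t2025-09-18 03:40:11\thttps://notexample.com/promo\n"
    "1005\t2025-09-18 12:00:00\thttps://www.example.com/\n"
)


def host_is_own(url, own_domains):
    """True if the URL's host is an owned domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    # Match on a label boundary so "notexample.com" does not pass as "example.com".
    return any(host == d or host.endswith("." + d) for d in own_domains)


def find_suspect_rows(feed_text, own_domains=OWN_DOMAINS):
    """Return (suspect_hit_ids, rows_in_window) for the incident window."""
    suspects, in_window = [], 0
    reader = csv.DictReader(io.StringIO(feed_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        ts = datetime.strptime(row["date_time"], "%Y-%m-%d %H:%M:%S")
        if not (WINDOW_START <= ts <= WINDOW_END):
            continue  # outside the incident window: out of scope for this pass
        in_window += 1
        url = row["page_url"]
        # Rows with no URL cannot be judged by host; leave them for manual review.
        if url and not host_is_own(url, own_domains):
            suspects.append(row["hit_id"])
    return suspects, in_window


if __name__ == "__main__":
    ids, total = find_suspect_rows(SAMPLE_FEED)
    print(f"{len(ids)} of {total} in-window rows need review: {ids}")
```

The same pass has to be repeated against backups and downstream copies of the export, since the page notes the affected data propagated there as well.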
Recommended Actions
Key Takeaways & Next Steps
- Enforce Zero Trust segmentation and microsegmentation within all multi-tenant SaaS designs to strictly isolate tenant data flows.
- Deploy east-west traffic monitoring and anomaly detection to rapidly identify and halt unauthorized internal data propagation events.
- Implement continuous, centralized multicloud visibility to monitor and enforce data access boundaries across all cloud-native workloads and APIs.
- Strengthen egress policy enforcement to block unintended outbound flows and detect anomalous export activity from trusted services.
- Maintain automated incident response and data lifecycle management for effective remediation and regulatory compliance in the event of inadvertent data exposure.



