123RF.com, a royalty-free image website, has notified its users and authorities of a compromised SQL database that contained users’ sensitive data. A report by CyberNews indicated that, unidentified malicious actors leaked a sample file, 3GB in size, on a Russian hacker forum. The Malaysia-based digital stock content agency stated that the exposed database holds over 8,500,246 user records including users’ full names, email addresses, IP addresses, Facebook Ids, locations, and passwords that have been hashed using the MD5 hashing algorithm.
123RF.com clarified that the exposed sample file appears to be a user data table ranging from as far back as 2006 to March 2020. The company also assumes that the database is about a year old and not the latest 2020 version.
“The latest data contained in the database appears to have been exfiltrated from 123RF.com data center on March 22, 2020, and presumably used for malicious purposes for more than eight months. According to 123RF.com, the source of the breach was traced to an unauthorized access at the company’s data center. After breaching the data center, the attacker “proceeded to copy the membership data,” 123RF.com said in a statement.
What’s the Impact?
Cybercriminals could use the leaked data to launch a variety of cyberattacks against 123RF.com users. Attackers can compromise users’ accounts by committing spear-phishing or credential stuffing attacks on users whose data was exposed in the incident. In addition, scammers can spam the victims’ emails, phones, and Facebook accounts.
What’s Next?
123RF.com recommended the affected users to follow certain security measures for further protection. These include:
- Immediately change your 123RF.com, PayPal, and Facebook passwords and consider using a password manager to create strong passwords
- If the user has been using an identical password for any other online services, change it on those other websites as well
- Enable two-factor authentication (2FA) on all other online accounts
- Watch out for potential phishing emails and messages. Do not click on anything suspicious or respond to anyone the users do not know
