Home News ShinyHunters Leak 1.9 Mn Pixlr Users’ Records Online

ShinyHunters Leak 1.9 Mn Pixlr Users’ Records Online

Cybercriminal group ShinyHunters claimed that they have compromised Pixlr users’ records after while broke into stock photo website 123RF.com. Over 1.9 million Pixlr’s compromised records are leaked in various hacking forums for free

Patchwork BADNEWS, APT31 threat group

Pixlr, a free online photo-editing platform, is the latest victim of a data breach after the notorious threat actor group “ShinyHunters” leaked over 1.9 million users’ records online, as reported by SiliconAngle. The exposed information included usernames, hashed passwords, email addresses, country of origin, and other personal data. It’s suspected that the hacking group illicitly obtained access to Pixlr user records by exploiting an unsecured AWS S3 bucket.

The Impact

ShinyHunters distributed the stolen information on various hacking forums for free, allowing other cybercriminals to access the data. The leaked data can be misused to launch a variety of cyberattacks against Pixlr users. Attackers can also compromise users’ accounts by committing spear-phishing or credential-stuffing attacks on users whose data was exposed in the incident.

Link to 123RF.com Data Breach

ShinyHunters operators claimed that they stole Pixlr’s database while they were breaking into 123RF.com user records. 123RF.com is a royalty-free image website. Both Pixlr and 123RF.com are owned by Inmagine company. According to a report, malicious actors leaked 123RF.com users’ data (3GB in size) on a Russian hacker forum.  The company stated that the exposed database holds over 8,500,246 user records including users’ full names, email addresses, IP addresses, Facebook IDs, locations, and passwords that have been hashed using the MD5 hashing algorithm.

ShinyHunters Continue to Strike

Recently, the operators of ShinyHunters traded databases of three India-based enterprises – ClickIndia, ChqBook, and WedMeGood – on Darknet forums. The data dump contained over 8 million records of ClickIndia (name, email, mobile and other personal details), 1 million records of ChqBook (name, email, mobile, full address, and other personal details), and 1.3 million from WedMeGood (name, email, hashed password, other sensitive personal information).