Pixlr, a free online photo-editing platform, is the latest victim of a data breach after the notorious threat actor group “ShinyHunters” leaked over 1.9 million users’ records online, as reported by SiliconAngle. The exposed information included usernames, hashed passwords, email addresses, country of origin, and other personal data. It’s suspected that the hacking group illicitly obtained access to Pixlr user records by exploiting an unsecured AWS S3 bucket.
The Impact
ShinyHunters distributed the stolen information on various hacking forums for free, allowing other cybercriminals to access the data. The leaked data can be misused to launch a variety of cyberattacks against Pixlr users. Attackers can also compromise users’ accounts by committing spear-phishing or credential-stuffing attacks on users whose data was exposed in the incident.
Link to 123RF.com Data Breach
ShinyHunters operators claimed that they stole Pixlr’s database while they were breaking into 123RF.com user records. 123RF.com is a royalty-free image website. Both Pixlr and 123RF.com are owned by Inmagine company. According to a report, malicious actors leaked 123RF.com users’ data (3GB in size) on a Russian hacker forum. The company stated that the exposed database holds over 8,500,246 user records including users’ full names, email addresses, IP addresses, Facebook IDs, locations, and passwords that have been hashed using the MD5 hashing algorithm.
ShinyHunters Continue to Strike
Recently, the operators of ShinyHunters traded databases of three India-based enterprises – ClickIndia, ChqBook, and WedMeGood – on Darknet forums. The data dump contained over 8 million records of ClickIndia (name, email, mobile and other personal details), 1 million records of ChqBook (name, email, mobile, full address, and other personal details), and 1.3 million from WedMeGood (name, email, hashed password, other sensitive personal information).