123RF.com Archives

Pixlr, a free online photo-editing platform, is the latest victim of a data breach after the notorious threat actor group “ShinyHunters” leaked over 1.9 million users’ records online, as reported by SiliconAngle. The exposed information included usernames, hashed passwords, email addresses, country of origin, and other personal data. It’s suspected that the hacking group illicitly obtained access to Pixlr user records by exploiting an unsecured AWS S3 bucket.

The Impact

ShinyHunters distributed the stolen information on various hacking forums for free, allowing other cybercriminals to access the data. The leaked data can be misused to launch a variety of cyberattacks against Pixlr users. Attackers can also compromise users’ accounts by committing spear-phishing or credential-stuffing attacks on users whose data was exposed in the incident.

Link to 123RF.com Data Breach

ShinyHunters operators claimed that they stole Pixlr’s database while they were breaking into 123RF.com user records. 123RF.com is a royalty-free image website. Both Pixlr and 123RF.com are owned by Inmagine company. According to a report, malicious actors leaked 123RF.com users’ data (3GB in size) on a Russian hacker forum. The company stated that the exposed database holds over 8,500,246 user records including users’ full names, email addresses, IP addresses, Facebook IDs, locations, and passwords that have been hashed using the MD5 hashing algorithm.

ShinyHunters Continue to Strike

Recently, the operators of ShinyHunters traded databases of three India-based enterprises – ClickIndia, ChqBook, and WedMeGood – on Darknet forums. The data dump contained over 8 million records of ClickIndia (name, email, mobile and other personal details), 1 million records of ChqBook (name, email, mobile, full address, and other personal details), and 1.3 million from WedMeGood (name, email, hashed password, other sensitive personal information).

123RF.com, a royalty-free image website, has notified its users and authorities of a compromised SQL database that contained users’ sensitive data. A report by CyberNews indicated that, unidentified malicious actors leaked a sample file, 3GB in size, on a Russian hacker forum. The Malaysia-based digital stock content agency stated that the exposed database holds over 8,500,246 user records including users’ full names, email addresses, IP addresses, Facebook Ids, locations, and passwords that have been hashed using the MD5 hashing algorithm.

123RF.com clarified that the exposed sample file appears to be a user data table ranging from as far back as 2006 to March 2020. The company also assumes that the database is about a year old and not the latest 2020 version.

“The latest data contained in the database appears to have been exfiltrated from 123RF.com data center on March 22, 2020, and presumably used for malicious purposes for more than eight months. According to 123RF.com, the source of the breach was traced to an unauthorized access at the company’s data center. After breaching the data center, the attacker “proceeded to copy the membership data,” 123RF.com said in a statement.

What’s the Impact?

Cybercriminals could use the leaked data to launch a variety of cyberattacks against 123RF.com users. Attackers can compromise users’ accounts by committing spear-phishing or credential stuffing attacks on users whose data was exposed in the incident. In addition, scammers can spam the victims’ emails, phones, and Facebook accounts.

What’s Next?

123RF.com recommended the affected users to follow certain security measures for further protection. These include:

Immediately change your 123RF.com, PayPal, and Facebook passwords and consider using a password manager to create strong passwords
If the user has been using an identical password for any other online services, change it on those other websites as well
Enable two-factor authentication (2FA) on all other online accounts
Watch out for potential phishing emails and messages. Do not click on anything suspicious or respond to anyone the users do not know

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The Impact

Link to 123RF.com Data Breach

ShinyHunters Continue to Strike

What’s the Impact?

What’s Next?

We Care