For-profit hacker ShinyHunters has leaked 1.9 million Pixlr user records, including information bad actors could use to carry out targeted phishing and credential-stuffing attacks. Pixlr is a free online photo-editing application.
Experts believe that the alleged Pixlr database that ShinyHunters posted may contain 1,921,141 user records. These records include email addresses, login names, SHA-512 hashed passwords, a user’s location, whether they signed up for the newsletter, and other sensitive details.
According to a Bleeping Computer report, ShinyHunters shared the database on the dark web. The hacker claimed to have stolen the database during their November breach of 123rf, which shares the same parent company as Pixlr.
In the 123rf breach, hackers stole more than 8.3 million user records. These records contained email addresses, MD5 hashed passwords, company names, phone numbers, addresses, PayPal emails, and IP addresses.
ShinyHunters has also been responsible for data breaches at Minted, Chatbooks, Wattpad, and others.
Stephen Kapp, CTO and founder at Cortex Perception, told IT Pro that the Pixlr breach shows how cyber criminals are actively targeting businesses to monetize data.
“To help limit the damage, Pixlr should look to strengthen its internal processes by keeping user data within application databases or dedicated SSO systems, such as those provided by AWS. This would allow for dedicated password hashing that includes a Salt Work Factor to help mitigate against brute force attacks,” Kapp said.
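The salted, work-factor password hashing Kapp refers to, sketched with Python's standard library as an added example (not Pixlr's or any vendor's code). The record format, the iteration count and the `sha512$` legacy prefix are assumptions made for the illustration; the page does not say whether the leaked SHA-512 hashes were salted.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor (assumed value; tune to your hardware)


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<digest>' using a fresh random salt."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, record: str):
    """Return (matches, needs_rehash) for a stored record."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha512":
        # Hypothetical legacy format: one fast, unsalted SHA-512 digest in hex.
        candidate = hashlib.sha512(password.encode()).hexdigest()
        ok = hmac.compare_digest(candidate, rest)
        return ok, ok  # a correct login should always be upgraded
    if scheme == "pbkdf2_sha256":
        iters, salt, digest = rest.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), base64.b64decode(salt), int(iters)
        )
        ok = hmac.compare_digest(dk, base64.b64decode(digest))
        # Flag records created with a weaker work factor than the current one.
        return ok, ok and int(iters) < ITERATIONS
    return False, False


def login(password: str, record: str):
    """Return (authenticated, record_to_store), upgrading weak records on success."""
    ok, stale = verify_password(password, record)
    return ok, hash_password(password) if stale else record
```

When `login` returns a record different from the one passed in, the caller stores it in place of the old one, so legacy digests are phased out as users sign in.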
Boris Cipot, senior security engineer at Synopsys, told IT Pro that in the wake of this breach, users should change their password on Pixlr. They should also change the password on other websites where they may have reused their Pixlr password, as hackers can sometimes reverse hashed passwords.
“Users should also be prepared for possible phishing attacks. They should not blindly click on links sent via email. These links may lead you to a malicious website where you will be encouraged to ‘change’ your password. The same goes for files – do not download anything without first verifying the authenticity of the sender. Cybercriminals will try to abuse every piece of information they have on you for their own personal gain; therefore, think twice before actioning any email,” Cipot said.