Hacker leaks 1.9mn user records of photo editing app Pixlr


San Francisco, Jan 21 (IANS): A hacker known as ShinyHunters has leaked 1.9 million user records stolen from free online photo editing application Pixlr.

The database released for free in a hacking forum contains information that could be used by threat actors for performing targeted phishing and credential stuffing attacks, BleepingComputer reported on Wednesday.

The leaked user records consist of information such as email addresses, login names, SHA-512 hashed passwords, where a user is based, whether they signed up for the newsletter, etc.

ShinyHunters claims to have stolen the database from Pixlr while he broke into the 123rf stock photo site.

A company called Inmagine owns both Pixlr and 123rf.

ShinyHunters was involved in breaching several organisations in the past including Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, said the report.

The threat actor said he downloaded the database from the company's AWS bucket at the end of 2020.

The sharing of the data base for free on the hacking forum has earned ShinyHunters praise from other threat actors who frequent the platform as they could use the user records for their own malicious activities.

While Pixlr was yet to respond to report of the leaked database, BleepingComputer said it confirmed that many of the email addresses in the database are registered Pixlr members.

Out of an abundance of caution, Pixlr users are advised to immediately change their passwords on the site.

  

Top Stories


Leave a Comment

Title: Hacker leaks 1.9mn user records of photo editing app Pixlr



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.