Data breach at Pixlr; more than 1.4 million user records exposed in hacking forums

Over 1.4 million personal records of Pixlr users were exposed by a hacker through a forum on dark web; as you may remember, Pixlr a free online image editing app popular among thousands of marketing employees. Cybersecurity experts fear that this data may be used against affected users in phishing campaigns or credential stuffing attacks.

A few days ago, the hacker known as ShinyHunters published the database on a cybercrime forum, mentioning that the information was extracted from the platform during a cyberattack targeting 123rf, a stock image platform. Both websites belong to the parent company Inmagine. The information is available for free.

La imagen tiene un atributo ALT vacío; su nombre de archivo es pixlr2001202101.jpg

Cybersecurity experts mention that ShinyHunters is a well-known cybercriminal involved in constant attacks on multiple websites, extracting information to sell it on hacking platforms. This hacker has been linked to security incidents on platforms such as Tokopedia, Homechef, Chatbooks, Wattpad, among others.

The Pixlr leak consists of 1 million 435, 235 user records including login names, email addresses, hashed passwords, and more. The database would have been extracted from a bucket in Amazon Web Services (AWS) by late December 2020.

La imagen tiene un atributo ALT vacío; su nombre de archivo es pixlr2001202102.jpg

Although the company has not spoken out on the incident, various members of the cybersecurity community confirmed that the email addresses exposed are authentic, indicating that the leak is legitimate.

While Pixlr announces the steps that will be taken to address this incident, it is recommended that all users of the platform reset their passwords to avoid illegitimate access, in addition to ignoring any recently received suspicious emails. To prevent credential stuffing attacks, experts recommend users not to employ the same passwords on other online platforms.