A hacker known as ShinyHunters has leaked 1.9 million user records stolen from the free online photo editing application Pixlr. user records
The database released for free in a hacking forum contains information that could be used by threat actors for performing targeted phishing and credential stuffing attacks.
The leaked user records consist of information such as email addresses, login names, SHA-512 hashed passwords, where a user is based, whether they signed up for the newsletter, etc.
ShinyHunters claims to have stolen the database from Pixlr while he broke into the 123rf stock photo site. Both companies are owned by the Inmagine group.
The hacker said he downloaded the database from the company’s AWS bucket at the end of 2020.
By making the database available for free on the hacking forum has earned ShinyHunters praise from other users who frequent the platform as they could use the user records for their own malicious activities.
While Pixlr was yet to respond to the report of the leaked database, BleepingComputer said it confirmed that many of the email addresses in the database are registered Pixlr members.
While users are waiting for an official response, Pixlr users are advised to immediately change their passwords on the site.
ShinyHunters was involved in breaching several organizations in the past including Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, said the report.