Pixlr is facing a significant cyber security incident after a hacker known as ShinyHunters has leaked 1.9 million user records of free online photo editing application.
The database released for free in a hacking forum contains information that could be used by threat actors for performing targeted phishing and credential stuffing attacks, BleepingComputer reported on Wednesday.
The leaked user records consist of information such as email addresses, login names, SHA-512 hashed passwords, where a user is based, whether they signed up for the newsletter, etc.
ShinyHunters claims to have stolen the database from Pixlr while he broke into the 123rf stock photo site.
Inmagine owns both Pixlr and 123rf.
ShinyHunters had hacked several organisations including Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, said the report.
The threat actor said he downloaded the database from the company’s AWS bucket at the end of 2020.
The sharing of the data base for free on the hacking forum has earned ShinyHunters praise from other threat actors who frequent the platform as they could use the user records for their own malicious activities.