Threat Actor Dumps 1.9 Million Pixlr Records Online

  • A infamous risk actor appears to have published 1.9 million consumer records for the well-known on line image enhancing web site Pixlr, placing buyers at risk of observe-on assaults.

    “ShinyHunters” dumped the data files above the weekend for cost-free on an underground discussion board, saying the web page was breached at the identical time as 123RF, which is owned by the exact same firm, Inmagine.

    Among the info up for grabs are email addresses, usernames, hashed passwords and users’ countries.

    So considerably there’s been no word from the firm by itself, even with the simple fact that these buyers could be at risk of phishing assaults, credential stuffing attempts and other fraud if not educated instantly.

    ShinyHunters is a prolific actor on the cybercrime underground, possessing been concerned in breaches at Wishbone (40 million documents), Heavenly (1.4 million), Dave (7.5 million) and lots of more.

    If this incident is genuine, as appears the case, Pixlr customers would be suggested to be on the appear-out for ripoffs and to improve their log-ins on the site, and any some others they share the exact passwords for.

    ShinyHunters claimed to have stolen the knowledge from Pixlr’s Amazon Web Services (AWS) S3 bucket late past 12 months.

    It’s unclear how, but CloudSphere VP of product, Pravin Rasiah, warned that misconfigured cloud storage is one particular of the main will cause of facts breaches.

    “The probabilities of leaving an S3 bucket uncovered are all too higher, as inexperienced consumers can simply just choose the ‘all users’ obtain solution, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invitations hackers to exploit the particular facts entrusted to firms by their clients,” he argued.

    “To prevent incidents like this from taking place, awareness within the cloud ecosystem is imperative.”

    Cloud Security Posture Management (CSPM) equipment are broadly regarded as most effective apply in this place, as they consistently check this sort of environments for configuration errors.