Freepik and Flaticon suffer data breach; 8.3 million users affected

CyberPanther

CyberPanther

Level 6
Thread author
Verified
Well-known
Oct 1, 2019
298
Content source
https://www.hackread.com/freepik-flaticon-data-breach-million-of-users-affected/
Freepik reveals that the attack took place due to a SQL injection in Flaticon.






Just a few days ago, Experian announced suffering a data breach affecting 24 million customers. Now, Freepik, a popular platform for designers offering free graphic resources has announced that it has suffered a massive data breach affecting users on Freepik.com and Flaticon.com.

For your information, Flaticon claims to be the largest database of free icons and is owned by Freepik company. According to the statement, Freepik has revealed that a hacker managed to exploit an SQL vulnerability stealing 8.3 million records from both platforms collectively.

The data stolen in the breach includes email addresses and password hashes. However, for some users, the compromised data only includes email or social media tokens used for login on both sites. For instance, Freepik explained in its statement that;
"Out of these 8.3M users, 4.5M had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter), and the only data the attacker obtained from these users was their email address.

For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5. Since then we have updated the hash of all users to bcrypt."
Click to expand...
Although the company has informed affected users it is still advised to change your password on both websites and any other platform where you signed up with the same login credentials.

Moreover, don’t be surprised if Freepik and Flaticon’s database showed up on a dark web market for sale or leaked online on some hacker forum.

It is worth noting that previously, online graphic-design tool Canva also suffered a data breach in which 139 million accounts were stolen and leaked online. Recently, a hacker going by the online handle of Shiny Hunters leaked dozens of databases stolen from prominent companies including:

WattPad – 271 million accounts leaked

Dunzo – 11GB worth of data leaked

Dave.com – 7 million accounts leaked

Bhinneka – 1 million+ accounts leaked
Minted – 5 million accounts leaked

ProctorU – 444,267 accounts leaked

Tokopedia – 91 million accounts leaked

Couchsurfing – 17 million accounts leaked

Therefore, keep an eye on your account and secure it with 2FA.
Click to expand...

www.hackread.com

Freepik and Flaticon suffer data breach; 8.3 million users affected

Follow us on Twitter @HackRead
www.hackread.com www.hackread.com
Click to expand...
 
  • Like
Reactions: upnorth, Gandalf_The_Grey, ForgottenSeer 85179 and 1 other person
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Wow
    • +Reputation
    • Like
Security News AT&T says leaked data of 70m people is not from its systems
Replies
3
Views
1,708
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • +Reputation
    • Like
Freecycle confirms massive data breach impacting 7 million users
Replies
0
Views
618
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Thanks
    • +Reputation
    • Wow
Scraped data of 2.6 million Duolingo users released on hacking forum
Replies
1
Views
1,261
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top