A notorious threat actor appears to have published 1.9 million user records for the popular online photo editing site Pixlr, putting customers at risk of follow-on attacks.
“ShinyHunters” dumped the files over the weekend for free on an underground forum, claiming the site was breached at the same time as 123RF, which is owned by the same company, Inmagine.
Among the data up for grabs are email addresses, usernames, hashed passwords and users’ countries.
So far there’s been no word from the firm itself, despite the fact that these users could be at risk of phishing attacks, credential stuffing attempts and other fraud if not informed promptly.
ShinyHunters is a prolific actor on the cybercrime underground, having been involved in breaches at Wishbone (40 million records), Heavenly (1.4 million), Dave (7.5 million) and many more.
If this incident is legitimate, as seems the case, Pixlr customers would be advised to be on the lookout for scams and to change their log-ins on the site, and on any other sites where they use the same passwords.
ShinyHunters claimed to have stolen the data from Pixlr’s Amazon Web Services (AWS) S3 bucket late last year.
It’s unclear how, but CloudSphere VP of product, Pravin Rasiah, warned that misconfigured cloud storage is one of the leading causes of data breaches.
“The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the ‘all users’ access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers,” he argued.
“To prevent incidents like this from occurring, awareness within the cloud environment is imperative.”
Cloud Security Posture Management (CSPM) tools are widely regarded as best practice in this space, as they continuously monitor such environments for configuration errors.
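As an added illustration (not part of the original article and not any vendor's code), the Python below performs the kind of check such a tool runs: it flags the “all users” ACL grant Rasiah describes, plus wildcard-principal bucket policies, unless the bucket's Public Access Block settings neutralize them. It assumes the ACL, policy and Public Access Block configuration have already been fetched as JSON in the shape S3 returns them; the function names, bucket name and sample documents are constructed.

```python
# Predefined S3 grantee groups: AllUsers is anyone on the internet, AuthenticatedUsers is any AWS account.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Return (group, permission) pairs in a GetBucketAcl-shaped dict that are public."""
    found = []
    for grant in acl.get("Grants", []):
        group = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if group:
            found.append((group, grant["Permission"]))
    return found

def public_policy_statements(policy):
    """Return labels of Allow statements with a wildcard principal and no Condition."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):  # a policy may carry a single statement object
        stmts = [stmts]
    found = []
    for i, s in enumerate(stmts):
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            found.append(s.get("Sid", f"statement[{i}]"))
    return found

def audit_bucket(name, acl, policy=None, block=None):
    """Combine both checks; `block` is the PublicAccessBlockConfiguration dict, if any."""
    block = block or {}
    findings = []
    if not block.get("IgnorePublicAcls"):  # when true, S3 ignores public ACL grants
        findings += [f"{name}: ACL grants {perm} to {grp}" for grp, perm in public_acl_grants(acl)]
    if policy and not block.get("RestrictPublicBuckets"):  # when true, public policies stop granting public access
        findings += [f"{name}: policy {sid} allows any principal" for sid in public_policy_statements(policy)]
    return findings

# Constructed sample documents for a hypothetical bucket (not data from the incident).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-user-exports/*"},
]}

if __name__ == "__main__":
    print("\n".join(audit_bucket("example-user-exports", SAMPLE_ACL, SAMPLE_POLICY)))
```

Statements that carry a Condition are skipped here rather than evaluated, so they still need manual review.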