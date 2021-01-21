

Threat Actor Dumps 1.9 Million Pixlr Records Online

A notorious threat actor appears to have published 1.9 million user records for the popular online photo editing site Pixlr, putting customers at risk of follow-on attacks.

“ShinyHunters” dumped the files over the weekend for free on an underground forum, claiming the site was breached at the same time as 123RF, which is owned by the same company, Inmagine.

Among the data up for grabs are email addresses, usernames, hashed passwords and users’ countries.

So far there’s been no word from the firm itself, despite the fact that these users could be at risk of phishing attacks, credential stuffing attempts and other fraud if not informed promptly.

ShinyHunters is a prolific actor on the cybercrime underground, having been involved in breaches at Wishbone (40 million records), Heavenly (1.4 million), Dave (7.5 million) and many more.

If this incident is legitimate, as seems to be the case, Pixlr customers would be advised to be on the lookout for scams and to change their log-ins on the site and on any other sites where they reuse the same passwords.

ShinyHunters claimed to have stolen the data from Pixlr’s Amazon Web Services (AWS) S3 bucket late last year.

It’s unclear how, but CloudSphere VP of product, Pravin Rasiah, warned that misconfigured cloud storage is one of the leading causes of data breaches.

“The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the ‘all users’ access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers,” he argued.

“To prevent incidents like this from occurring, awareness within the cloud environment is imperative.” 

Cloud Security Posture Management (CSPM) tools are widely regarded as best practice in this space, as they continuously monitor such environments for configuration errors.
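The kind of check such tooling runs for the "all users" setting Rasiah describes can be sketched as follows. This is an added example, not code from the article or from any CSPM product: it inspects data shaped like the S3 GetBucketAcl and GetPublicAccessBlock responses, covers ACL grants only (not bucket policies), and the bucket names and sample data are constructed.

```python
# Added example: flag S3 bucket ACL grants that open a bucket to public groups.
# Sample inputs are constructed; they are not data from the incident reported above.

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def public_grants(acl):
    """Return (audience, permission) for every grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return findings

def assess_bucket(name, acl, public_access_block=None):
    """Classify a bucket as 'exposed', 'masked' or 'private'.

    'masked' means public grants exist but IgnorePublicAcls neutralises them;
    the grants should still be removed, because that setting can be switched off.
    """
    grants = public_grants(acl)
    pab = public_access_block or {}  # a missing configuration gives no protection
    if not grants:
        status = "private"
    elif pab.get("IgnorePublicAcls"):
        status = "masked"
    else:
        status = "exposed"
    return {"bucket": name, "status": status, "grants": grants}

# Constructed sample grants in the GetBucketAcl response shape.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
               "Permission": "FULL_CONTROL"}
PUBLIC_READ = {"Grantee": {"Type": "Group",
                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}
OPEN_ACL = {"Grants": [OWNER_GRANT, PUBLIC_READ]}
CLOSED_ACL = {"Grants": [OWNER_GRANT]}

if __name__ == "__main__":
    # Hypothetical bucket names, used only for the report output.
    print(assess_bucket("example-user-exports", OPEN_ACL))
    print(assess_bucket("example-user-exports", OPEN_ACL, {"IgnorePublicAcls": True}))
    print(assess_bucket("example-internal-logs", CLOSED_ACL))
```
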
