Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,544
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
A notorious threat actor appears to have published 1.9 million user records for the popular online photo editing site Pixlr, putting customers at risk of follow-on attacks.

“ShinyHunters” dumped the files over the weekend for free on an underground forum, claiming the site was breached at the same time as 123RF, which is owned by the same company, Inmagine.

Among the data up for grabs are email addresses, usernames, hashed passwords and users’ countries.

So far there’s been no word from the firm itself, despite the fact that these users could be at risk of phishing attacks, credential stuffing attempts and other fraud if not informed promptly.

ShinyHunters is a prolific actor on the cybercrime underground, having been involved in breaches at Wishbone (40 million records), Heavenly (1.4 million), Dave (7.5 million) and many more.

If this incident is legitimate, as seems the case, Pixlr customers would be advised to be on the look-out for scams and to change their log-ins on the site, and any others they share the same passwords for.

ShinyHunters claimed to have stolen the data from Pixlr’s Amazon Web Services (AWS) S3 bucket late last year.

It’s unclear how, but CloudSphere VP of product, Pravin Rasiah, warned that misconfigured cloud storage is one of the leading causes of data breaches.

“The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the ‘all users’ access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers,” he argued.

“To prevent incidents like this from occurring, awareness within the cloud environment is imperative.”

Cloud Security Posture Management (CSPM) tools are widely regarded as best practice in this space, as they continuously monitor such environments for configuration errors.
 
Ad End 1 February 2024
Top