Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Popular stock image website Freepik suffers massive data breach

Image Description

The popular stock photo company Freepik has announced that its Freepik and Flaticon websites have fallen victim to a security breach which allowed hackers to obtain millions of user credentials.

The company released an official statement in which it explained that an attacker was able to gain access to one of its databases by leveraging an SQL injection vulnerability. 

While Freepik did not disclose when the breach occurred or how it was discovered, the company did say that it has already notified authorities regarding the matter.

Based on its internal forensic analysis, Freepik determined that the attacker was able to extract the email addresses and hashed passwords of its oldest 8.3m users.

Hashed passwords

Of the 8.3m Freepik and Flaticon users affected by the breach, 4.5m of them had no hashed password because they used federated logins (with Google, Facebook or Twitter) to sign up for the service. Thus the attacker was only able to obtain the email addresses of these users.

The remaining 3.77m users had their email addresses and a hash of their password stolen in the security breach. For 3.55m of these users, bcrypt was used to hash their passwords while the remaining 229k users had their passwords salted with MD5. Freepik has since updated the hashed passwords of all users to bcrypt.

In its official statement, Freepik provided further details on the steps it has taken so far, saying:

“Those who had a password hashed with salted MD5 got their password canceled and have received an email to urge them to choose a new password and to change their password if it was shared with any other site (a practice that is strongly discouraged). Users who got their password hashed with bcrypt received an email suggesting them to change their password, especially if it was an easy to guess password. Users who only had their email leaked were notified, but no special action is required from them.”

It is highly recommended that Freepik and Flaticon users update their passwords following the security breach and ensure that they're not using the same password across multiple sites or services.

Via ZDNet

Date

24 Aug 2020

Sources


Share


Other Blog

  • How one security researcher is working to secure vulnerable IoT devices

    We spoke with principal security researcher at Tripwire Craig Young about his recent discoveries.

    Read More
  • Google Chrome beta hints at mouth-watering performance upgrades

    Google is currently testing a number of upgrades that it plans to ship with the release of Chrome 99 early next year.

    Read More
  • iPad Pro 12.9 (2021) vs iPad Pro 12.9 (2020)

    New and old versions of Apple's biggest, most expensive iPad compared.

    Read More
  • Windows 11 is the OS that gamers have been waiting for – here's why

    Windows 11 will add a number of key improvements to make gaming on PC better than ever before.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us