A hacker has leaked 1.9 million user records of popular photo editing app Pixlr containing information that could be used to perform targeted phishing and credential stuffing attacks. Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. The alleged Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information. ShinyHunters stated he downloaded the database from the company’s AWS bucket at the end of 2020.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
