A hacker has leaked 1.9 million user records of popular photo editing app Pixlr containing information that could be used to perform targeted phishing and credential stuffing attacks. Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. The alleged Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information. ShinyHunters stated he downloaded the database from the company’s AWS bucket at the end of 2020.
<p>The breach against Pixlr shows how cybercriminals are actively targeting organisations to monetise on data.</p> <p> </p> <p>To help limit the damage, Pixlr should look to improve its internal processes by holding user information within application databases or a dedicated SSO systems, such as those offered by AWS. This would allow for dedicated password hashing that includes a Salt Work Factor to help mitigate against brut force attacks.</p> <p> </p> <p>Any users of Pixlr who may have been affected by the breach are advised to update their passwords for the site and any others that use the same password. Going forward they should ensure that all current and new accounts have unique passwords which can be managed using a password manager to keep them secure.</p>
<p>In the wake of this breach, users should change their password on the platform and on any other site where it may have been reused, as hackers can sometimes successfully revert hashed passwords. Users should also be prepared for possible phishing attacks. They should not blindly click on links sent via email. These links may lead you to a malicious site where you will be encouraged to \’change\’ your password. The same goes for documents – do not download anything without first verifying the authenticity of the sender. Cybercriminals will try to abuse every piece of information they have on you for their own personal gain; therefore, think twice before actioning any emails.</p>
<p>While the revelation of details on almost two million Pixlr user accounts did not include financial information, it did include password hashes and enough information to be valuable for an attacker to launch carefully crafted spear phishing attacks, or a cast-netting attack against the Pixlr user base.</p>
<p>Improperly secured AWS S3 buckets are one of the leading causes of data breaches due to misconfiguration. The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the \"all users\" access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers.<u></u><u></u></p> <p> <u></u><u></u></p> <p>To prevent incidents like this from occurring, awareness within the cloud environment is imperative. Businesses shou<wbr />ld invest in a cloud governance platform that provides holistic, real-time observability into the cloud landscape to stay apprised of abnormalities while ensuring that data is secure. With comprehensive visibility and the ability to remediate issues before they can be exploited, companies can ensure security for themselves and their customers.</p>