Security Expert Re: Freekpik Breach Of 8.3 Million Users (SQL injection attack)

By   ISBuzz Team
Writer , Information Security Buzz | Aug 25, 2020 02:59 am PST

Freepik reported that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.

Freepik is one of the largest online graphic resources sites in the world; together Freepik and the Flaticon database platform total 18 million monthly unique users, 50 million monthly views, and 100 million monthly downloads.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jayant Shukla
Jayant Shukla , CTO and Co-Founder
August 25, 2020 11:05 am

This latest breach of Freepik is believed to have started with an attack using SQL Injection to gain access to users emails and hashed passwords. SQL Injection is a web application threat that’s been a significant concern since the inception of the OWASP Top 10 list in 2003, so it\’s troubling that SQL Injection continues to be one of the most exploited vulnerabilities. An estimated 25% of breaches last year started with an SQL Injection attack.

Organizations need to take action to better protect themselves against SQL vulnerabilities: 1) implement better coding practices to prevent SQL Injection; 2)run better tests for SQL Injection vulnerabilities before code makes it to production; and 3)make sure they have protection against SQL Injection attacks during runtime.

Last edited 3 years ago by Jayant Shukla

Recent Posts

Would love your thoughts, please comment.x