Security Expert Re: Freepik Breach Of 8.3 Million Users (SQL injection attack)

Freepik reported that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company’s Flaticon website.

Freepik is one of the largest online graphic resources sites in the world; together Freepik and the Flaticon database platform total 18 million monthly unique users, 50 million monthly views, and 100 million monthly downloads.

Jayant Shukla , CTO and Co-Founder
InfoSec Expert
August 25, 2020 11:05 am

This latest breach of Freepik is believed to have started with an attack using SQL Injection to gain access to users' emails and hashed passwords. SQL Injection is a web application threat that's been a significant concern since the inception of the OWASP Top 10 list in 2003, so it's troubling that SQL Injection continues to be one of the most exploited vulnerabilities. An estimated 25% of breaches last year started with an SQL Injection attack.

Organizations need to take action to better protect themselves against SQL vulnerabilities: 1) implement better coding practices to prevent SQL Injection; 2) run better tests for SQL Injection vulnerabilities before code makes it to production; and 3) make sure they have protection against SQL Injection attacks during runtime.

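The first two recommendations in the comment above (safer coding and pre-production testing), shown as an added example that is not part of the original article or the commenter's own code. The table layout, function names, sample rows and probe strings are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice@example.com", "hash-placeholder-1"),
         ("bob@example.com", "hash-placeholder-2"),
         ("carol@example.com", "hash-placeholder-3")])
    return db

def find_user_unsafe(db, email):
    # Vulnerable: the input is pasted into the SQL text, so a quote in
    # `email` changes the structure of the query itself.
    query = "SELECT email, password_hash FROM users WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, email):
    # Hardened: the ? placeholder passes the value separately from the SQL
    # text, so it is only ever compared as data.
    return db.execute(
        "SELECT email, password_hash FROM users WHERE email = ?", (email,)
    ).fetchall()

# Constructed inputs a pre-production test can feed to every query helper.
PROBES = ["' OR '1'='1", "x' OR 1=1 --", "alice@example.com' --"]

def leaking_probes(lookup):
    """Return the probes for which `lookup` misbehaves.

    No probe is a stored address, so a correct lookup returns no rows;
    returned rows or a SQL error both mean the input reached the parser.
    """
    failures = []
    for probe in PROBES:
        try:
            rows = lookup(make_db(), probe)
        except sqlite3.Error:
            rows = None
        if rows != []:
            failures.append(probe)
    return failures

if __name__ == "__main__":
    print("unsafe:", leaking_probes(find_user_unsafe))
    print("safe:  ", leaking_probes(find_user_safe))
```

Running `leaking_probes` against each query helper in CI turns the second recommendation into a regression test that fails the build when a string-built query is reintroduced.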