Posted on November 14, 2020 at 2:40 PM
A recent report revealed that the popular stock photo website 123RF is the victim of the recent data break that got 8.3 million records exposed on the dark web.
Such records constitute one of the biggest data breaches this year, with reports revealing that 123RF receives over 30 million views monthly.
When Imagine Group was contacted about the attack, the company admitted it recently suffered a data breach attack, stating that a threat actor succeeded in stealing millions of data after breaching its data center.
“We are actively notifying the necessary authorities and 123RF.com members to work with them to remedy the situation” a spokesperson for the company said.
Stolen data offered for sale at darknet
Security researchers detected the sale of the data last weekend when a popular hacker, known for his activities surrounding similar incidents, advertised the sale of the data on several forums.
The report revealed that 123RF suffered the data breach earlier in March. However, the threat actors allegedly waited until Nov. 8 to leak the data on the darknet.
123RF is a subsidiary of Chicago-based Inmagine Group, which is popularly known for its sale of royalty-free images to businesses and individuals around the world.
Data include personal details of users
Researchers have analyzed the breached data and discovered that it has details that include the full names of the users, their email addresses, phone numbers, IP addresses, User names, location (including cities, states, and country), Facebook profile link, as well as password hashes.
123RF is one of the biggest online repositories when it comes to stock photos, audios, videos, and some royalty-free content.
It offers more than 100 million creative works for different users online and distributes daily content with its over 3,000 registered artists.
However, the investigation into the data breach has not discovered any exposure of user financial information.
Inmagine Group has already stated the data breach, saying that some threat actors compromised a server in its data center. It revealed that the threat actor succeeded in getting a copy of the stored information. However, the company also revealed that the copied database contained mostly old data, with the most recent record dating back to 2019.
Compromised passwords can be decrypted
While the firm stated that the passwords are fully protected, it may still be easily decrypted since it’s based on the MD5 hashing method. Inmagine Group also revealed that it had notified the affected users to take more security steps towards their accounts. The company also stated that it has contacted law enforcement agencies and is currently working with them to get to the root of everything.
The company has warned users to use a stronger password on other portals as it’s very possible to decrypt stolen passwords using hashing removal sites available online, word list, or brute force tools. After the hacker successfully decrypts the user’s password, they can use them to log into other sites the users have an account.
As a result, the company is advising 123RF users to change their passwords on the portal as soon as possible. They should also change their passwords to other sites if they are sharing the same password with other accounts. Prompt change to a more difficult password will help the user avoid becoming a victim of credential fill attacks.
The company also released an official statement, saying its security system is always under consistent security testing within the past year. Inmagine Group also says it takes the safety and security of its user data very seriously, and it’s very careful when handling customer data.
123RF’s algorithm not fully fortified
Senior security engineer at Synopsys, Boris Cipot, commented on the breached data, stating that the company used one of the least secure algorithms to protect its data. According to him, any serious hacker using simple clear texting passwords available at online dehashing sites can decrypt those passwords easily.
According to the investigation, the popular ShinyHunters is responsible for the 123RF data breach. The same hacker has been responsible for some of the biggest data breaches this year, including Mashable with leaked 5.22GB worth of database, Couchsurfing (17 million hacked accounts), Tokopedia (91 million accounts), Dave.com (7 million), Dunzo ( 11 GB data), and Wattpad (271 million hacked accounts).