As the use of photo editing and enhancing software has increased, so has the influx of tons of free photo editing apps. Both, professional as well as individual users are found to be taking advantage of these easy to access and use apps. However, one such app called the Pixlr app has been reportedly hacked by cybercriminals.
A group of threat actors has recently gained unauthorized access to Pixlr’s site, which has left about 1.9 million Pixlr users’ account information vulnerable.
The hacker group that has targeted Pixlr is said to be the ShinyHunters. The group is infamous for targeting and hacking major websites including the Indonesian eCommerce site Tokopedia and the Indian education platform called Unacademy. Both the companies have confirmed their hacks.
This sort of big user account leak could not only violate major cyber laws but could also put forth severe malicious attacks like targeted phishing, identity thefts, credential stuffing attacks, and many more.
It is believed that ShinyHunters gained access to Pixlr’s user records through an unsecured Amazon Web Services Inc. S3 bucket, but the hacking group has used various methods in the past. In the hack, financial service provider Dave Inc. in July, ShinyHunters was able to gain access through a breach of Git analytics platform provider Waydev Inc.
The ShinyHunters have now released an entire accumulation of data on Dark Web forums containing more than 350 million profiles. The database shared on the forums seems to be containing approximately 1,900,000 user records and includes information on login IDs, email addresses, SHA-512 hashed passwords, the user’s country, and other important private details.