Freepik Company Discloses Data Breach Affecting More Than 8 Million Users

Alina BÎZGĂ

August 26, 2020

The Freepik Company has disclosed a data breach impacting the login information of more than 8 million Freepik and Flaticon users.

According to a press release, the security incident was the result of a SQL injection in Flaticon, one of the world's largest databases of free customizable icons, that allowed attackers to exfiltrate user information.

“We immediately notified the competent authorities of the breach, and in our forensic analysis, we determined that an attacker extracted the email and, when available, the hash of the password of the oldest 8.3M users,” the company said.

More precisely, the attackers were able to steal 4.5 million email addresses and 3.77 million combinations of email addresses and hashed passwords.

“Out of these 8.3M users, 4.5M had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter), and the only data the attacker obtained from these users was their email address,” Freepik added. “For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5.”

Freepik cancelled all MD5-hashed passwords, and the affected users were prompted to select a new password to log in to their accounts. More than 3 million users whose passwords were hashed with bcrypt received an email suggesting they reset their passwords, and all Flaticon and Freepik users were advised to change passwords for all online accounts that shared the same login credentials.

Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender's Digital Identity Protection.

The platform developers have also revealed that they regularly check for leaked emails and passwords online. If the leaked information matches the credentials of Freepik or Flaticon users, the passwords are disabled, and those users are required to update their login credentials.

Freepik apologized for the leak and assured users that it plans to strengthen internal and external security measures to avoid any future incidents.

“Due to this incident, we have greatly extended our engagement with external security consultants and did a full review with a first-class agency of our external and internal security measures,” Freepik concluded. “We took some important short term measures to increase our security and have planned medium and long term extra security measures.”
