Freepik Company Discloses Data Breach Affecting More Than 8 Million Users
The Freepik Company has disclosed a data breach impacting the login information of more than 8 million Freepik and Flaticon users.
According to a press release, the security incident was the result of a SQL injection in Flaticon, one of the world's largest databases of free customizable icons, that allowed attackers to exfiltrate user information.
“We immediately notified the competent authorities of the breach, and in our forensic analysis, we determined that an attacker extracted the email and, when available, the hash of the password of the oldest 8.3M users,” the company said.
More precisely, the attackers were able to steal 4.5 million email addresses and 3.77 million combinations of email addresses and hashed passwords.
“Out of these 8.3M users, 4.5M had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter), and the only data the attacker obtained from these users was their email address,” Freepik added. “For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5.”
Freepik cancelled all MD5-hashed passwords, and users were prompted to select a new password to log in to their accounts. More than 3 million users whose passwords were hashed with bcrypt received an email suggesting they reset their passwords, and all Flaticon and Freepik users were advised to change passwords for all online accounts that shared the same login credentials.
Data breaches appear to be common events these days. Find out more about how you can regain control of your personal information with Bitdefender's Digital Identity Protection.
The platform developers have also revealed that they regularly check for leaked emails and passwords online. If the leaked information matches Freepik or Flaticon accounts, the passwords are disabled, and users are required to update their login credentials.
Freepik apologized for the leak and assured users that it plans to strengthen internal and external security measures to avoid any future incidents.
“Due to this incident, we have greatly extended our engagement with external security consultants and did a full review with a first-class agency of our external and internal security measures,” Freepik concluded. “We took some important short term measures to increase our security and have planned medium and long term extra security measures.”