[BreachExchange] Popular stock photo service hit by data breach, 8.3M records for sale

Destry Winant destry at riskbasedsecurity.com
Mon Nov 16 10:56:08 EST 2020


https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/

Stock photo site 123RF has suffered a data breach after a hacker began
selling a database containing 8.3 million user records on a hacker
forum.

123RF is a popular stock photo and vector site that sells royalty-free
images, videos, and audio to be used on websites, printed content, and
videos. According to SimilarWeb, 123RF receives over 26 million
visitors per month.

Over the past weekend, a known data breach broker began selling a
database containing 8.3 million user records stolen from 123RF.com
during a data breach.

123RF database sold on a hacker forum

>From the samples of the database seen by BleepingComputer, the stolen
data includes a 123RF members' full name, email address, MD5 hashed
passwords, company name, phone number, address, PayPal email if used,
and IP address. There is no financial information stored in the
database.

Sample of the stolen 123RF user database

123RF confirms data breach

After emailing 123RF earlier this week, BleepingComputer received an
email from Inmagine Group, the owner of 123RF, stating that a server
located at their data center was breached and the hackers "proceeded
to copy the membership data."

Based on the site of the sold database, Inmagine Group states that the
database is likely outdated and is not the latest version from 2020.
In the samples seen by BleepingComputer, the newest record date is
from October 27th, 2019.

While the company states that the passwords are encrypted, the
passwords are MD5 hashes. Unfortunately, using online MD5 cracking
tools, BleepingComputer could easily retrieve the plain-text passwords
for numerous accounts.

Inmagine Group states that they are working with law enforcement and
have begun notifying affected 123RF members.

"We are actively notifying the necessary authorities and 123RF.com
members to work with them to remedy the situation. We are also
tightening the security policies to include tighter passwords and IP
detection to combat suspicious log-ins."

"Our security infrastructure is always under a constant state of
security testing, penetration and development, especially in the past
year."

"We wish to reiterate that we take the privacy and data of our
customers seriously and have at all times been vigilant with the
handling of our customer’s data," Inmagine Group shared with
BleepingComputer.

What 123RF customers should do

While the passwords leaked in this data breach were hashed, as
explained, it is possible to crack the stolen passwords using brute
force tools, word lists, and even online dehashing sites.

After a user's password is cracked, threat actors would be able to use
them to log in to other sites you may have an account.

Therefore, if you are a 123RF customer, you should immediately change
your password to a strong and unique one.

If that same password was used at another site, you should change it
at any other site that also uses it.

When changing your passwords, be sure to use a unique and strong
password at every site so that a data breach does not affect your
account at other companies.

A password manager can make it much easier to use unique passwords at
every site and is highly recommended.


More information about the BreachExchange mailing list