Freepik Company Data Breach

From Privacy Wiki
Jump to navigation Jump to search
Freepik Company Data Breach
Short Title Freepik Company Experienced an External Attack That Allowed Access to Information of 8 Million Users
Location Global
Date October 2020

Solove Harm Insecurity, Interrogation
Information Contact, Authenticating
Threat Actors Freepik, Unidentified hackers

Affected Freepik users
High Risk Groups
Tangible Harms

The Freepik Company has disclosed a data breach impacting the login information of more than 8 million Freepik and Flaticon users.


Freepik announced about a security incidentInsecurity which was the result of a SQL injection in Flaticon, one of the world’s largest databases of free customizable icons, that allowed attackers to exfiltrate user information.Interrogation

The attacker extracted the email and, when available, the hash of the password of the oldest 8.3M users. More precisely, the attackers were able to steal 4.5 million email addresses and 3.77 million combinations of email addresses and hashed passwords.

Freepik cancelled all MD5 hashed passwords, and users were prompted to select a new password to log in to their accounts. More than 3 million users who presented a bcrypt hashed password received an email suggesting they reset their passwords, and all Flaticon and Freepik users were advised to change passwords for all online accounts that shared the same login credentials.


Threat: Freepik not protecting user data from attackers access
At-Risk group: Freepik users
Harm: Insecurity
Secondary Consequences: not known

Threat: Attackers probing Freepik system for personal information of users
At-Risk group: Freepik users
Harm: Interrogation
Secondary Consequences: not known

Laws and Regulations