Freepik Company Data Breach
Freepik Company Data Breach | |
---|---|
Short Title | Freepik Company Experienced an External Attack That Allowed Access to Information of 8 Million Users |
Location | Global |
Date | October 2020 |
Solove Harm | Insecurity, Interrogation |
Information | Contact, Authenticating |
Threat Actors | Freepik, Unidentified hackers |
Individuals | |
Affected | Freepik users |
High Risk Groups | |
Tangible Harms | |
The Freepik Company has disclosed a data breach impacting the login information of more than 8 million Freepik and Flaticon users.
Description
Freepik announced a security incident (Insecurity) that resulted from a SQL injection in Flaticon, one of the world’s largest databases of free customizable icons, and allowed attackers to exfiltrate user information (Interrogation).
The attackers extracted the email address and, when available, the password hash of the oldest 8.3 million users. More precisely, they were able to steal 4.5 million email addresses and 3.77 million combinations of email addresses and hashed passwords.
Freepik cancelled all MD5-hashed passwords, and the affected users were prompted to select a new password to log in to their accounts. More than 3 million users whose passwords were hashed with bcrypt received an email suggesting they reset their passwords, and all Flaticon and Freepik users were advised to change the passwords of any other online accounts that shared the same login credentials.
Breakdown
Threat: Freepik not protecting user data from attacker access
At-Risk group: Freepik users
Harm: Insecurity
Secondary Consequences: not known
Threat: Attackers probing Freepik's systems for personal information of users
At-Risk group: Freepik users
Harm: Interrogation
Secondary Consequences: not known