Stock photo website 123RF was hacked; 8.3 million user registrations for sale

123RF, a popular stock photo website, revealed that it was the victim of a data breach that resulted in the sale of 8.3 million records on the dark web. Recent reports mention that 123RF receives nearly 30 million views each month.

The sale of this database was detected over the past weekend, when a threat actor recognized for his involvement in similar incidents began advertising the information compromised in various hacking forums.

La imagen tiene un atributo ALT vacío; su nombre de archivo es 123rf01.jpg

Cybersecurity specialists managed to collect some samples of the compromised information, concluding that the records contain a detailed profile of one of the 123RF members, including their full name, email address, hashed passwords, company name, telephone number, PayPal web address, among other data. So far investigators have not found any financial information exposed during the incident.

In this regard, Inmagine Group, the company that owns 123RF, issued a statement inging that a server located in its data center was compromised by a threat actor who managed to make a copy of the stored information. The company also mentions that the database is outdated, as its most recent records date back to 2019.

Although the company mentions that compromised passwords are fully protected, this protection is based on the MD5 hashing method, so they could be decrypted with relative ease. Inmagine Group continues to mention that they are working with the relevant authorities and that the affected users have already been notified.

Users should consider that it is completely possible to decrypt stolen passwords using brute force tools, word lists and even hashing removal sites available online. Once a user’s password is decrypted, threat actors could use them to sign in to other sites where they can have an account.

123RF users are advised to immediately change their password on the platform. If that same password is used to log in to other websites, change all your passwords to prevent credential fill attacks.