Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Attacker Posts Pixlr User Records Online

Pixlr is a very popular free online photo editing software that has many of the same features as found in professional editors like Photoshop. The site is free to use for basic editing, but also offers a premium subscription that gives users access to more advanced editing tools. An attacker has now leaked approximately 1.4 million user records that contain information that could be used to perform credential stuffing attacks and targeted phishing campaigns. The threat actor known as ShinyHunters shared the database for free on a known hacking forum that he claims was stolen from Pixlr when he breached the 123rf stock photo site which happens to be owned by the same company, Inmagine. ShinyHunters is a well-known attacker and has been responsible for data breaches at Tokepedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and many more. The alleged leak contains over 1.4 million user records containing email addresses, login names, SHA-512 hashed passwords, user’s country, and other internal information. ShinyHunters stated the database was downloaded from the company’s AWS bucket at the end of 2020. BleepingComputer has confirmed that some of the leaked email addresses in the database are registered Pixlr members.

Analyst Notes

It is highly recommended that all Pixlr users immediately change their login credentials on this site and any others that share the same email and password combination. Users should make passwords that are unique to each service and complex by using special characters and numbers when available. Multi-Factor Authentication (MFA) should be used to protect important accounts such as email and employee remote access systems. There are a multitude of password managers available that can assist users in keeping their login credentials secure and saved on their systems.

Source Article: