Freepik data breach
Freepik data breach

Freepik, a platform for free vector and stock images has disclosed a data breach incident after several of its users reported receiving emails. The company didn’t specify when the attack has happened but said an SQL injection is a cause. The hackers have breached into a database and stolen about 8.3 million users records, that contained usernames and hashed passwords.

Freepik and Flaticon Breached

After several users started sharing on social media about the notification emails they’ve been receiving from Freepik, the company has today officially announced the data breach incident. It reported that about 8.3 million users from its platform, Freepik and Flaticon had their details stolen by unknown hackers some time back.

Though there was no specific time and data mentioned about the hack, nor when it realised, it did say the mode of attack was by SQL injection. The attack exploited a vulnerability that led hackers to access the database, where details of its users were stored. It said to be investigating the incident after reporting this to relevant authorities.

Freepik distinguished the impacted users into two kinds since not all the users were equally impacted. There are about 4.5 million users who used alternative methods like Facebook, Google or Twitter to sign in to their accounts, whereas the rest 3.77 million have registered directly with an email address and password.

Further, about 3.55 million users’ passwords were salted with bcrypt encryption and the rest 229,000 users’ passwords with MD5 hash. This led the companies, Freepik and Flaticon to send personalised emails to their users about how they were impacted and what can be done.

For those users who got their passwords hashed with MD5 encryption, the passwords were cancelled thus new ones have to be created. Whereas the bcrypt hashed users can change their passwords. And for those who got their emails stolen, well, there’s nothing to worry about since it could be limited with spamming attacks only. It’s highly recommended not to use easily guessable passwords or the same ones across various sites.

LEAVE A REPLY

Please enter your comment!
Please enter your name here