Popular image and graphic hosting website, Freepik hacked, hackers steal personal identifiable information of 8.3 million users
Unknown hackers managed to hack into Freepik servers and steal customer information of 8.3 million Freepik users. According to the official statement, Freepik says that unknown hackers gained entry into its servers using an SQL injection vulnerability. The hackers gained into one the main databases which stored user data and have stolen usernames and passwords for the oldest 8.3 million users registered for two of Freepik websites, Freepik and Flaticon.
The announcement doesn’t say when Freepik was hacked or when the company found out about the data breach. Over the past few weeks, Freepik users have been complaining about weird stuff going around with their Freepik accounts. Some even complained about receiving unsolicited emails from the image hosting company. However, the company did not respond at that time.
Yesterday, it admitted that its servers were breached and the hackers stole the database containing user ids and passwords of its customers. The company says that since many of its users use Google, Facebook or Twitter authorization for login, they will not be affected by the data breach. “For the remaining 3.77M users the attacker got their email address and a hash of their password,” the company added. “For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5. Since then we have updated the hash of all users to bcrypt.”
Freepik is a very popular image hosting website with nearly a million visitors a month. It is very popular in India, Iran and the United States. Users got access to high-quality free photos and design graphics on both Freepik and Flaticon.