Freepik reveals that the attack took place due to a SQL injection in Flaticon.
Just a few days ago, Experian announced suffering a data breach affecting 24 million customers. Now, Freepik, a popular platform for designers offering free graphic resources has announced that it has suffered a massive data breach affecting users on Freepik.com and Flaticon.com.
For your information, Flaticon claims to be the largest database of free icons and is owned by Freepik company. According to the statement, Freepik has revealed that a hacker managed to exploit an SQL vulnerability stealing 8.3 million records from both platforms collectively.
The data stolen in the breach includes email addresses and password hashes. However, for some users, the compromised data only includes email or social media tokens used for login on both sites. For instance, Freepik explained in its statement that;
Out of these 8.3M users, 4.5M had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter), and the only data the attacker obtained from these users was their email address.
For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5. Since then we have updated the hash of all users to bcrypt.
Although the company has informed affected users it is still advised to change your password on both websites and any ..
Support the originator by clicking the read the rest link below.
