Popular Stock Photo Service Hit By Data Breach, 8.3M Records For Sale
Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum.
123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites, printed content, and videos. According to SimilarWeb, 123RF receives over 26 million visitors per month.
Over the past weekend, a known data breach broker began selling a database containing 8.3 million user records stolen from 123RF.com during a data breach.
From the samples of the database seen by BleepingComputer, the stolen data includes 123RF members’ full names, email addresses, MD5 hashed passwords, company names, phone numbers, addresses, PayPal emails if used, and IP addresses. There is no financial information stored in the database.
123RF confirms data breach
After emailing 123RF earlier this week, BleepingComputer received an email from Inmagine Group, the owner of 123RF, stating that a server located at their data center was breached and the hackers “proceeded to copy the membership data.”
Based on the size of the sold database, Inmagine Group states that the database is likely outdated and is not the latest version from 2020. In the samples seen by BleepingComputer, the newest record date is from October 27th, 2019.
While the company states that the passwords are encrypted, the passwords are MD5 hashes. Unfortunately, using online MD5 cracking tools, BleepingComputer could easily retrieve the plain-text passwords for numerous accounts.
Inmagine Group states that they are working with law enforcement and have begun notifying affected 123RF members.
“We are actively notifying the necessary authorities and 123RF.com members to work with them to remedy the situation. We are also tightening the security policies to include tighter passwords and IP detection to combat suspicious log-ins.”
“Our security infrastructure is always under a constant state of security testing, penetration and development, especially in the past year.”
“We wish to reiterate that we take the privacy and data of our customers seriously and have at all times been vigilant with the handling of our customer’s data,” Inmagine Group shared with BleepingComputer.
What 123RF customers should do
While the passwords leaked in this data breach were hashed, as explained, it is possible to crack the stolen passwords using brute force tools, word lists, and even online dehashing sites.
After a user’s password is cracked, threat actors would be able to use it to log in to other sites where that user has an account with the same password.
Therefore, if you are a 123RF customer, you should immediately change your password to a strong and unique one.
If that same password was used at any other site, you should change it there as well.
When changing your passwords, be sure to use a unique and strong password at every site so that a data breach does not affect your account at other companies.
A password manager can make it much easier to use unique passwords at every site and is highly recommended.
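The weakness of the MD5 password hashes described above, shown next to a salted, slow alternative with upgrade-on-login. This is an added example, not code from the article or from 123RF; the record format, the PBKDF2 iteration count and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune per hardware)


def legacy_md5(password: str) -> str:
    """Unsalted MD5, the weak scheme: fast, and identical for identical passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow hash in a self-describing record (hypothetical format)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(stored: str, password: str) -> Tuple[bool, Optional[str]]:
    """Check a login; return (ok, replacement_record_or_None).

    A legacy MD5 record that verifies is re-hashed, so the weak value
    can be replaced in the database on the next successful login.
    """
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), None
    # Anything else is treated as a legacy 32-hex-character MD5 value.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, hash_password(password) if ok else None


if __name__ == "__main__":
    pw = "Summer2019!"  # constructed sample password, not data from the breach
    alice, bob = legacy_md5(pw), legacy_md5(pw)
    # Two accounts sharing a password share an MD5 record, so one lookup exposes both.
    print("MD5 records identical:   ", alice == bob)
    # A per-record random salt makes the stored values differ.
    print("PBKDF2 records identical:", hash_password(pw) == hash_password(pw))
    ok, upgraded = verify_and_upgrade(alice, pw)
    print("legacy login ok:", ok, "-> stored as", upgraded.split("$")[0])
```

Until every account has logged in and been upgraded, the remaining MD5 values are still exposed if the table leaks, so a forced password reset for accounts that have not yet been re-hashed closes the gap.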