Hackers Are Selling 8.3 Million 123RF User Records

Stock imagery website 123RF dot com suffered a cyber attack in mid-November 2020. According to reports, around 8.3 million user records were stolen by bad actors and have now been put up for sale.

123RF is one of the more popular stock imagery websites, primarily offering royalty free images for various publication purposes. The site has a fairly active and large userbase, with over 25 million monthly visitors. Its parent company, Inmagine Group, recently announced that bad actors had gained access to a 123RF server and stole customer information from it. The compromised database contained 8.3 million user records.

Hashed passwords may not be as secure as you think

The stolen data has already been put up for sale on hacker forums and contains personally identifiable information. Customer full names, e-mail addresses, IP addresses as well as Paypal e-mails and phone numbers are among the stolen data. Worst of all, the database also contained passwords that have been hashed using just MD5 encryption. The little good news included in the announcement was that no financial and payment information was contained among the user records.

It is well known that MD5 is not a particularly secure encryption method and there are vast MD5 databases that records can be compared against and decrypted.

It seems Inmagine Group also understand that, as they issued a warning to 123RF users to change their passwords on other services and platforms immediately, in case they used the same password across different logins.

If it's any consolation, the database that was illegally accessed was somewhat out of date, containing records that were last updated in late 2019.

Again, as with any other data breach, there is nothing the regular user can do after the leak has happened. The only thing that can keep you secure in similar situations is to never use the same password across different platforms to ensure that one compromised database will not hand your master password in the hands of cyber criminals.

November 20, 2020

Leave a Reply