Exploit: Third Party Data Breach
Pixlr: Photo Editing Software Developer
Risk to Small Business: 1.827 = Severe
ShinyHunters are at it again, this time with a dump of data from Pixlr. The gang claims that the Pixlr data was obtained through their earlier successful breach at stock photo site 123rf, which is owned by the same parent company. The Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information.
Individual Risk: 1.717 = Severe
User information was stolen that includes basic contact information for users, leaving them at risk for spear phishing attacks.
Customers Impacted: 1,921,141
How it Could Affect Your Customers’ Business: Third party data breaches are becoming all too common as Dark Web data grows, creating even more risk for businesses, especially around credential stuffing.