AI-powered online photo and video editing platform Cutout.Pro suffered a major data breach that exposed the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names.
Someone using the alias ‘KryptonZambie’ shared a link on the BreachForums hacking forum to CSV files containing 5.93 GB of data stolen from Cutout.Pro.
From samples seen by BleepingComputer, the data that was leaked includes the following information:
- User ID and profile picture
- API access key
- Account creation date
- Email address
- User IP address
- Mobile phone number
- Password and salt used in hashing
- User type and account status
Data breach monitoring and alerting service Have I Been Pwned (HIBP) added the breach to its catalog yesterday, confirming that the leaked dataset includes the information for 19,972,829 people.
Also, the threat actor distributes the files on their personal Telegram channel, causing a much wider circulation of the stolen data.
