Popular stock photo site 123RF has suffered a massive data breach. Cybercriminal began selling database containing 8.3 million user records on a Darkweb.
The stolen data includes a 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no financial information stored in the database.
BleepingComputer received an email from Inmagine Group, the owner of 123RF, stating that a server located at their data center was breached and the hackers “proceeded to copy the membership data.”
“We are actively notifying the necessary authorities and 123RF.com members to work with them to remedy the situation. We are also tightening the security policies to include tighter passwords and IP detection to combat suspicious log-ins.”
“Our security infrastructure is always under a constant state of security testing, penetration and development, especially in the past year.”
“We wish to reiterate that we take the privacy and data of our customers seriously and have at all times been vigilant with the handling of our customer’s data,” Inmagine Group shared with BleepingComputer.
