UPDATED 21:28 EDT / JANUARY 20 2021

SECURITY

ShinyHunters publishes 1.9M stolen user credentials from photo editing site Pixlr

Infamous hacking group ShinyHunters has released 1.9 million stolen user records from free online photo editing service Pixlr as part of a release of hacked data from various sites.

Links to the data stolen from Pixlr were published on a well-known internet hacking forum Jan. 17 and included user login names, email addresses, hashed passwords, country of origin and other details.

In this case, it’s believed that ShinyHunters gained access to Pixlr’s user records through an unsecured Amazon Web Services Inc. S3 bucket, but the hacking group has used various methods in the past. In the hack, financial service provider Dave Inc. in July, ShinyHunters was able to gain access through a breach of Git analytics platform provider Waydev Inc.

Pixlr users are not alone in having its user data stolen and published by ShinyHunters this year. Researchers at cybersecurity intelligence firm Kela Research and Strategy Ltd. have also discovered stolen data linked to on the same forum from Wongnai Media Co. Ltd., Tuned Global Pty. Ltd., Buyucoin, Wappalyzer, Teespring Inc. and Bonobos.com.

“Over this past summer, ShinyHunters was seen publishing leaked data for free, exposing millions of personal records from all over the world,” Victoria Kivilevich, threat intelligence analyst at KELA, told SiliconANGLE. “We have seen collaborators of Shiny Hunters selling and leaking other dumps in the recent months, but Shiny Hunters has not been seen releasing data themselves since November.”

Discussing the publication of stolen Pixlr credentials, Nathanael Coffing, chief security officer at identification firm Cloudentity Inc., noted that with hundreds of thousands of user emails and login credentials exposed in this breach, users are at great risk of credential stuffing or phishing attacks.

“It doesn’t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims,” Coffing explained. “Hackers already have access to previously stolen data on the dark web, which allows them to easily weaponize this free information for their own malicious gain and target users’ financial or healthcare information.”

Image: Raid Forums

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.