123RF is a stock photography company. It sells royalty-free imagery to anyone willing to buy and has been expanding since 2020 to help include the growing web-based content market.
The breach was an attack on the photo-managing site. The site’s owner, Inmagine Group, immediately contacted authorities and found that the violation affected certain account information, including passwords. Inmagine assured users that the passwords were hashed, but Bleeping Computer could easily unencrypt the passwords of several accounts.
The breach occurred when a third party accessed 123RF’s internal systems. These systems housed customers’ emails, names, company names, hashed passwords, addresses, phone numbers, IP addresses, and PayPal emails if the victims used PayPal. Now, the hacker has access to the personal information of these people.
This breach occurred in November 2020.
The breach impacts a good portion of the 123RF consumer base. The hacker could quickly launch multiple attacks on the victims, including phishing attacks and other types of scams. Anyone victimized by the breach must remain vigilant and keep themselves safe.
The breach affects over 8.3 million consumer files. The data was copied from the system, not stolen, so 123RF still had access to the information when customers used the site. Therefore, the customers can still use the site, though the owners are recommending anyone affected by the breach change their password to decrease risk.