Popular online photo editing site Pixlr recently suffered a major data exposure that involved a hacker leaking around 1.9 million user records on a Dark Web forum along with data stolen from other websites.
The massive trove of data was leaked by a hacker calling himself ShinyHunters on a dark web forum on Jan. 17. While it is not known exactly how the hacker gained access to so much Pixlr data, which included users' login names, SHA-512 hashed passwords, email addresses, and their locations, it is believed that he accessed the data stored in an unsecured Amazon Web Services S3 bucket.
ShinyHunters claimed in the dark web forum, where he shared all 1,921,141 Pixlr user records for free, that he gained access to these details after breaching the 123RF stock photo site which, like Pixlr, is also owned by Inmagine. He also claimed that he downloaded the database from Pixlr's AWS bucket at the end of 2020.
According to Bleeping Computer, ShinyHunters is well-known for hacking into websites and selling large troves of stolen information via data brokers on the dark web. The victims of ShinyHunters include 123RF, Tokopedia, Homechef, Minted, Chatbooks, Dave, Promo, Mathway, Wattpad, and others.
According to Pravin Rasiah, VP of Product at CloudSphere, the possibility of ShinyHunters accessing an unsecured S3 bucket is quite believable as improperly secured AWS S3 buckets are one of the leading causes of data breaches due to misconfiguration.
"The chances of leaving an S3 bucket exposed are all too high, as inexperienced users can simply choose the 'all users' access option, making the bucket publicly accessible. Leaving these S3 buckets open and exposed invites hackers to exploit the personal data entrusted to companies by their customers."
Rasiah added that in order to avoid such misconfigurations from happening, businesses should invest in a cloud governance platform that provides holistic, real-time observability into the cloud landscape to stay apprised of abnormalities while ensuring that data is secure. With comprehensive visibility and the ability to remediate issues before they can be exploited, companies can ensure security for themselves and their customers.
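A minimal check for the misconfiguration Rasiah describes, added here as an illustration and not taken from the article, CloudSphere or AWS: it inspects a bucket ACL and a bucket policy in the shapes that boto3's get_bucket_acl() and get_bucket_policy() calls return, and flags grants to the AWS "all users" and "authenticated users" groups as well as Allow statements for the wildcard principal. The sample ACL and policy below are constructed.

```python
import json

# AWS predefined groups: a grant to either makes a bucket effectively public
# (AllUsers = anyone on the internet, AuthenticatedUsers = any AWS account).
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    # `acl` has the shape of boto3's get_bucket_acl() response dict.
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return findings

def public_policy_statements(policy_json):
    # `policy_json` is the JSON string found in get_bucket_policy()["Policy"].
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for stmt in statements:
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
        if stmt.get("Effect") == "Allow" and wildcard:
            findings.append((stmt.get("Sid", "<no Sid>"), stmt.get("Action")))
    return findings

# Constructed sample ACL: the owner keeps FULL_CONTROL, but the "all users"
# option was also chosen, which hands READ on the bucket to the whole internet.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

# Constructed sample bucket policy with one statement open to any principal.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(public_acl_grants(SAMPLE_ACL))            # [('AllUsers', 'READ')]
    print(public_policy_statements(SAMPLE_POLICY))  # [('PublicRead', 's3:GetObject')]
```

Either finding is a bucket that should have the public grant removed and S3 Block Public Access turned on at the account level, so that the "all users" option cannot be chosen by mistake again.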
Stephen Kapp, CTO and founder of Cortex Insight, says that to limit the damage, Pixlr should look to improve its internal processes by holding user information within application databases or a dedicated SSO system, such as those offered by AWS. This would allow for dedicated password hashing that includes a Salt Work Factor to help mitigate against brute force attacks.