Η company officially announced it when some users started complaining on social media about receiving infringement notifications in their inbox.
The company officially revealed the data breach yesterday, confirming the authenticity of the emails received by the subscribers. users the last days.
The hackers used SQL to gain access to the Freepik system
Freepik said the attackers received usernames and passwords of millions of users (older), which are registered on the websites Freepik and Flaticon.
Freepik did not say when the data breach occurred or when it was discovered. However, the company states that it has informed authorities as soon as he learned of the incident and began to investigate the case.
Millions of passwords have been stolen
Freepik said not all users had passwords linked to their accounts and the hackers only took the emails of some.
"For the remaining 3,77 million users, the attackers received the email address and a hash of the password," the company added. "For the 3,55 million of these users, the hash method is bcrypt and the rest MD5. "Since then, we have upgraded the hash of all users to bcrypt."
User notification procedure
Freepik said it is now in the process of notifying all affected users. The company sends emails to Freepik and Flaticon users, depending on the service to which the users were registered. Below are some of these messages that users received.
"Hashed passwords with salted MD5 were canceled and users received emails to choose a new password and change the password if they used it in any other website", Said Freepik. "Users who had their password hashed with bcrypt received an email asking them to change their password. The users whose only email had been leaked were informed, but no special action is required from them ".
Freepik is one of the most popular sites today (position 97 in the list of top 100 Alexa sites). Flaticon is located at 668.
When the EQT acquired Freepik in late May this year, the company claimed that the service Freepik has over 20 million registered users.
Users registered on Slidesgo, another Freepik site, do not appear to be affected.