HomesecurityFreepik: Revealed data breach of millions of users

Freepik: Revealed data breach of millions of users


The Freepik, one website that provides access in high quality photos and graphics, revealed an important infringement data.

Η company officially announced it when some users started complaining on social media about receiving infringement notifications in their inbox.

The company officially revealed the data breach yesterday, confirming the authenticity of the emails received by the subscribers. users the last days.

The hackers used SQL to gain access to the Freepik system

According to the official statement of the company, the infringement data took place when the hackers used a SQL injection vulnerability to access one of the databases where user data is stored.

Freepik said the attackers received usernames and passwords of millions of users (older), which are registered on the websites Freepik and Flaticon.

Freepik did not say when the data breach occurred or when it was discovered. However, the company states that it has informed authorities as soon as he learned of the incident and began to investigate the case.

Millions of passwords have been stolen

Freepik said not all users had passwords linked to their accounts and the hackers only took the emails of some.

The company estimates that these users were 4,5 million and used connections Google, Facebook ή Twitter to connect to accounts their.

"For the remaining 3,77 million users, the attackers received the email address and a hash of the password," the company added. "For the 3,55 million of these users, the hash method is bcrypt and the rest MD5. "Since then, we have upgraded the hash of all users to bcrypt."

User notification procedure

Freepik said it is now in the process of notifying all affected users. The company sends emails to Freepik and Flaticon users, depending on the service to which the users were registered. Below are some of these messages that users received.

data breach

"Hashed passwords with salted MD5 were canceled and users received emails to choose a new password and change the password if they used it in any other website", Said Freepik. "Users who had their password hashed with bcrypt received an email asking them to change their password. The users whose only email had been leaked were informed, but no special action is required from them ".

Freepik is one of the most popular sites today (position 97 in the list of top 100 Alexa sites). Flaticon is located at 668.

When the EQT acquired Freepik in late May this year, the company claimed that the service Freepik has over 20 million registered users.

Users registered on Slidesgo, another Freepik site, do not appear to be affected.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!