Cyber Incident Victim: 123RF
Date:
Nov 2020
Location:
Malaysia
Summary
A popular stock photo service suffered a data breach when hackers compromised a server and exfiltrated approximately 8.3 million user records, later offering the database for sale on a hacker forum. The stolen information included full names, email addresses, MD5-hashed passwords, company details, phone numbers, physical addresses, PayPal-associated emails, and IP addresses, though no financial data was exposed. The affected organization confirmed the incident involved outdated membership records and initiated law enforcement collaboration while implementing enhanced security measures like stricter password policies and suspicious login detection. Analysis revealed the hashed passwords were vulnerable to cracking techniques, potentially exposing reused credentials across other platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around November 12, 2020, the stock photo service 123RF suffered a data breach when a hacker advertised the sale of a database containing 8.3 million user records on a hacker forum. The Malaysia-based platform, which receives over 26 million monthly visitors according to SimilarWeb, confirmed the incident after BleepingComputer alerted them. Inmagine Group, 123RF's parent company, stated that attackers breached a server at their data center and copied membership data. Analysis of the stolen database samples revealed it contained full names, email addresses, MD5-hashed passwords, company names, phone numbers, physical addresses, PayPal email addresses associated with accounts, and IP addresses. The company emphasized no financial information was included in the compromised records. Forensic examination indicated the database was outdated, with the most recent entry dated October 27, 2019, though the breach itself occurred in 2020.

Inmagine Group initiated response measures by engaging law enforcement and notifying affected users about the breach. They acknowledged security shortcomings regarding password storage, as the MD5 algorithm used could be easily cracked using publicly available tools, exposing plaintext credentials. The company announced enhanced security protocols including stricter password requirements and IP-based detection systems to identify suspicious login attempts. While emphasizing their ongoing security testing and penetration assessments prior to the incident, 123RF advised customers to change their passwords immediately due to the risk of credential reuse attacks across other platforms. The breach exposed users to potential account takeovers and phishing campaigns leveraging the stolen personal information, though no direct financial fraud vectors were identified in the dataset.
