8.3 million users affected in ‘Freepik data breach’
Freepik, a free photo and graphics site, has disclosed a major data breach that affected nearly 8.3 million of its users. The company officially revealed the data breach after users started protesting on social media about receiving ‘shady emails’ in their inboxes regarding the breach.
Looks like there was a data breach in @freepik pic.twitter.com/H9OQ5oGx1x
— Jishnu Vediyoor (@pullipuli) August 20, 2020
On Thursday, ZDNET reached out to Freepik, and the company officially disclosed the data breach on Friday (August 21, 2020), confirming the authenticity of the emails being sent to registered users to notify them about the breach.
According to the company’s official statement, the breach resulted from an SQL injection vulnerability that was used to access one of the databases holding user data. According to Freepik, the hacker gathered usernames and passwords of the oldest registered users on the Flaticon and Freepik websites.
Freepik didn’t issue any formal statement regarding when the breach took place; however, the company said it informed the authorities as soon as it detected the breach and began investigating what data was compromised.
Moreover, in its statement, Freepik said that for some users the hacker took only email addresses, since not all accounts had passwords associated with them. According to the company, 4.5 million such users used third-party logins (Facebook, Twitter, Google, etc.) to register and log into their accounts. Freepik said,
“For the remaining 3.77M users the attacker got their email address and a hash of their password”
The company announced that it is now in the process of informing all affected users about the breach through personalized emails that state what was compromised.
Dear Freepik users, please find here our official statement on the security incident on which the affected users have been informed about by email. Thanks for your comprehension. https://t.co/s477CnBSWA — Freepik (@freepik) August 21, 2020