Freepik, a stock photo site, has disclosed a major data breach that also affected its sister site Flaticon, combining to expose the information of over eight million customers. The firm released a breach notice over the weekend, stating that an attacker had accessed user information in a database through leveraging an SQL injection vulnerability.
Of the 8.3 million customers targeted by the breach, all of their emails were exposed and roughly 3.8 million hashed passwords were stolen. Most of the stolen hashed passwords were encrypted with bcrypt, however, roughly 230,000 were encrypted with MD5. The firm has stated that they plan to continue to review customer emails and passwords that circulate the web and promptly notify affected customers upon discovery.
Read More: Eight Million Freepik Users Suffer Data Compromise