Connect with us

Malware

Massive Data Breach: 20 Million Cutout.Pro User Records Exposed on Hacker Forum

Discover the recent data breach at Cutout.pro, a popular image-editing software, where 20 million user records were leaked on a hacker forum. Learn about the exposed information and potential risks for the affected users, as well as the company’s response to this security incident. Protect yourself from similar threats with expert advice.

Published

on

A padlock on a circuit board ensures the protection of sensitive user records.

Picture this: you find an amazing AI-powered photo and video editing platform that can do everything from enhancing images to restoring old photos. You sign up and start using it, only to discover that your personal information has been exposed in a massive data breach. This is exactly what happened to 20 million members of Cutout.Pro, and it’s a sobering reminder of the importance of cybersecurity.

What Happened to Cutout.Pro?

We’ve learned that Cutout.Pro, a popular AI-based photo and video editing platform, has suffered a data breach that exposed the personal information of 20 million members. The leaked data includes email addresses, hashed and salted passwords, IP addresses, and names.

The breach was made public when someone using the alias ‘KryptonZambie’ shared a link on the BreachForums hacking forum. This link contained CSV files with 5.93 GB of data stolen from Cutout.Pro, consisting of 41.4 million records. Of these, 20 million records included unique email addresses.

Worse still, the cybercriminal claimed they still had access to the breached system, suggesting that Cutout.Pro was unaware of the compromise at the time.

What Information Was Leaked?

From the samples we’ve seen, the data leak includes the following information:

  • User ID and profile picture
  • API access key
  • Account creation date
  • Email address
  • User IP address
  • Mobile phone number
  • Password and salt used in hashing
  • User type and account status

Have I Been Pwned (HIBP), a data breach monitoring and alerting service, added the breach to its catalog, confirming that the leaked dataset includes information for 19,972,829 people. The threat actor also shared the files on their personal Telegram channel, causing a much wider circulation of the stolen data.

Although Cutout.Pro hasn’t confirmed the security incident through an official statement, HIBP’s founder Troy Hunt verified multiple matches from the leaked email addresses, and we’ve confirmed that the emails listed in the data leak match legitimate Cutout.Pro users.

What Should You Do If You’ve Used Cutout.Pro?

If you’ve used Cutout.Pro in the past, it’s crucial that you reset your password immediately on the service and any other online platforms where you might be using the same credentials. MD5 password hashes, like the ones leaked, are considered relatively easy to crack by modern standards, so it’s a real possibility that threat actors could brute-force the leaked password hashes.

Moreover, all Cutout.Pro users should be on the lookout for targeted phishing scams that attempt to gather further information from you.

Stay Informed and Stay Safe

This data breach is a stark reminder of the importance of cybersecurity and the need to stay informed about potential threats. We’re dedicated to helping you stay informed and providing information to help keep your personal information safe. Don’t hesitate to reach out to us for more information, and keep coming back to learn more about the latest in cybersecurity.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Nexperia Chipmaker Confirms Explosive Data Breach Following Ransomware Gang’s Sinister Leak

Chipmaker Nexperia suffered a cyberattack as ransomware group ‘Grief’ leaked the company’s data. The breach exposed sensitive files, including employee information. Nexperia is working closely with law enforcement and external cybersecurity experts to investigate the incident and mitigate any potential impacts on its partners and customers.

Published

on

Picture this: a leading Dutch chipmaker, Nexperia, experiences a major cyber attack, forcing it to shut down its IT systems and launch an investigation to assess the damage. It’s a real-life scenario that unfolded in March 2024 when hackers breached the company’s network, and a ransomware gang claimed responsibility, leaking samples of supposedly stolen data.

Nexperia is no small fish in the tech pond. As a subsidiary of Chinese company Wingtech Technology, it operates semiconductor fabrication plants in Germany and the UK, producing a staggering 100 billion units that range from transistors and diodes to MOSFETs and logic devices. Employing 15,000 specialists and boasting an annual revenue of over $2.1 billion, this is a company that has a lot to lose.

Immediate Response and Investigation

Upon discovering the unauthorized access to its IT servers, Nexperia released a statement detailing its swift response. The company took action by disconnecting the affected systems from the internet, containing the incident, and implementing extensive mitigation measures.

It didn’t stop there, though. Nexperia enlisted the help of third-party experts and FoxIT to investigate the nature and scope of the breach. Furthermore, the company reported the incident to the police and data protection authorities in the Netherlands.

Enter Dunghill Leak

On April 10, the extortion site ‘Dunghill Leak’ announced its breach of Nexperia, claiming to have stolen a whopping 1 TB of confidential data. The site leaked samples of allegedly stolen files, including microscope scans of electronic components, employee passports, non-disclosure agreements, and more. It’s important to note, however, that the authenticity of these samples has not been confirmed by Nexperia.

So, what’s at stake? If the ransom demand isn’t met, Dunghill claims it will leak a vast array of sensitive data, such as design and product data, engineering data, commercial and marketing data, corporate data, client and user data, and various files and miscellaneous data, including email storage files. Some big-name brands like SpaceX, IBM, Apple, and Huawei are potentially at risk.

The Dark Angels Connection

Dunghill Leak is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom. In September 2023, we reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company’s VMWare and ESXi virtual machines. The gang threatened to publish the stolen data on the Dunghill Leak website, but it never materialized.

As of now, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as ‘sold on the dark web.’

Stay Informed and Stay Protected

The Nexperia breach is yet another reminder of the importance of cybersecurity in today’s technologically driven world. By staying informed about the latest cyber threats, you can better protect yourself and your organization.

If you’re curious to learn more about cybersecurity and how it affects you, don’t hesitate to contact us. Keep coming back for more insights and updates on the ever-evolving world of cybersecurity. We’re here to help you stay safe in the digital age.

Continue Reading

Malware

Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!

Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.

Published

on

Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.

What Went Wrong?

Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.

On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.

What Information Was Compromised?

Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.

How Has the Situation Been Handled?

Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.

Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing [email protected] to better understand the breach’s scope, impact, and appropriate defense strategies.

What Should You Do If You’re Impacted?

If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises contacting affected users and advising them to be vigilant and report any suspected social engineering attacks.

Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.

Not an Isolated Incident

This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.

Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.

Stay Informed and Protected with Our IT Services

Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.

Continue Reading

Malware

Hacker Exposes Massive Giant Tiger Data Breach, Unleashes 2.8M Records Online

A hacker claims to have breached the Canadian retail chain Giant Tiger, leaking 28 million records online, including customers’ personal data. The hacker, known as ‘ZeroTwo’, shared a sample of the stolen data on a popular hacking forum, with details like names, addresses, and phone numbers. Giant Tiger has not yet confirmed the breach.

Published

on

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.

A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Data breach monitoring service HaveIBeenPwned has added the leaked database to its website to make it easy for users to check if their information was compromised.

The discount store chain operates over 260 stores and employs 8,000 people across Canada.

2.8 Million Customer Records Leaked Online

On Friday, we noticed a post titled “Giant Tiger Database – Leaked, Download!” surfacing on a hacker forum.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients,” states the threat actor.

“The breach includes over 2.8 million unique email addresses, names, phone numbers, and physical addresses.”

The stolen data in the dump, claims the threat actor, additionally includes the “website activity” of Giant Tiger customers.

“I finally opened 60 of the 60 pages of the database section!” replied one forum member to the post, with others requesting to preview a sample of the data set. The threat actor obliged and posted a small snippet.

The data set has been leaked essentially for free. Although the download link to the set has to be unlocked by spending “8 credits,” such credits are typically trivially generated by forum members by, for example, commenting on existing posts or contributing new posts.

Threat actors often breach companies and steal sensitive data to blackmail them and extort money. Failing successful extortion, a threat actor may deliberately leak the stolen data online or sell it off on dark web marketplaces to buyers interested in conducting identity theft and phishing attacks.

Breach Caused by a Third-Party Vendor

We have not verified the authenticity of the data set, however, we did reach out to Giant Tiger with questions regarding the leak.

Without commenting on the authenticity of the leaked data, a spokesperson responded:

“On March 4, 2024, Giant Tiger became aware of a security concern related to a third-party vendor we use to manage customer communications and engagement,” a Giant Tiger spokesperson told us.

“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”

“No payment information or passwords were involved.”

Giant Tiger declined to share the name of the third-party vendor in question.

Records Added to HaveIBeenPwned

As of April 12th, the leaked data set has been added to the “Have I Been Pwned?” database.

HaveIBeenPwned (HIBP) is a free online service that allows users to check if their data was compromised in known data breaches.

The number of breached records associated with this incident added to the HIBP database is 2,842,669, with the service stating that 46% of these records were already in its database.

Giant Tiger customers should be wary of any suspicious emails or incoming communications that claim to be from the retailer. These could very likely be targeted phishing attempts from threat actors.

Although no payment information or passwords were exposed in this breach, signing up for an identity monitoring service could be beneficial to customers in preventing them from becoming victims of identity theft.

To stay informed and protected, keep coming back to learn more about cybersecurity and how it impacts you. Don’t hesitate to contact us if you have any questions or concerns about your online security.

Continue Reading

Trending