Connect with us

Malware

Massive Data Breach: 20 Million Cutout.Pro User Records Exposed on Hacker Forum

Discover the recent data breach at Cutout.pro, a popular image-editing software, where 20 million user records were leaked on a hacker forum. Learn about the exposed information and potential risks for the affected users, as well as the company’s response to this security incident. Protect yourself from similar threats with expert advice.

Published

on

A padlock on a circuit board ensures the protection of sensitive user records.

Picture this: you find an amazing AI-powered photo and video editing platform that can do everything from enhancing images to restoring old photos. You sign up and start using it, only to discover that your personal information has been exposed in a massive data breach. This is exactly what happened to 20 million members of Cutout.Pro, and it’s a sobering reminder of the importance of cybersecurity.

What Happened to Cutout.Pro?

We’ve learned that Cutout.Pro, a popular AI-based photo and video editing platform, has suffered a data breach that exposed the personal information of 20 million members. The leaked data includes email addresses, hashed and salted passwords, IP addresses, and names.

The breach was made public when someone using the alias ‘KryptonZambie’ shared a link on the BreachForums hacking forum. This link contained CSV files with 5.93 GB of data stolen from Cutout.Pro, consisting of 41.4 million records. Of these, 20 million records included unique email addresses.

Worse still, the cybercriminal claimed they still had access to the breached system, suggesting that Cutout.Pro was unaware of the compromise at the time.

What Information Was Leaked?

From the samples we’ve seen, the data leak includes the following information:

  • User ID and profile picture
  • API access key
  • Account creation date
  • Email address
  • User IP address
  • Mobile phone number
  • Password and salt used in hashing
  • User type and account status

Have I Been Pwned (HIBP), a data breach monitoring and alerting service, added the breach to its catalog, confirming that the leaked dataset includes information for 19,972,829 people. The threat actor also shared the files on their personal Telegram channel, causing a much wider circulation of the stolen data.

Although Cutout.Pro hasn’t confirmed the security incident through an official statement, HIBP’s founder Troy Hunt verified multiple matches from the leaked email addresses, and we’ve confirmed that the emails listed in the data leak match legitimate Cutout.Pro users.

What Should You Do If You’ve Used Cutout.Pro?

If you’ve used Cutout.Pro in the past, it’s crucial that you reset your password immediately on the service and any other online platforms where you might be using the same credentials. MD5 password hashes, like the ones leaked, are considered relatively easy to crack by modern standards, so it’s a real possibility that threat actors could brute-force the leaked password hashes.

Moreover, all Cutout.Pro users should be on the lookout for targeted phishing scams that attempt to gather further information from you.

Stay Informed and Stay Safe

This data breach is a stark reminder of the importance of cybersecurity and the need to stay informed about potential threats. We’re dedicated to helping you stay informed and providing information to help keep your personal information safe. Don’t hesitate to reach out to us for more information, and keep coming back to learn more about the latest in cybersecurity.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Australia’s Top Non-Bank Lender Issues Dire Warning of Massive Data Breach

Australian non-bank lender Firstmac has warned customers of a potential data breach. The mortgage provider discovered unauthorized access to its client relationship management system. Firstmac urged clients to remain vigilant and monitor their accounts, while assuring that no financial data was compromised. The company is working with cybersecurity experts to investigate the incident.

Published

on

Firstmac Limited, a major player in Australia’s financial services industry, recently experienced a data breach. Just one day after the new Embargo cyber-extortion group claimed to have stolen over 500GB of data from the company, Firstmac began warning customers of the incident.

With a focus on mortgage lending, investment management, and securitization services, Firstmac is headquartered in Brisbane, Queensland. The company has issued 100,000 home loans and currently manages $15 billion in mortgages, employing 460 people.

Recently, we came across a sample of the notification letter sent to Firstmac customers, which detailed the severity of the data breach.

Tweet

The letter explained that an unauthorized third party accessed part of Firstmac’s IT system. Upon detecting the incident, the company immediately took steps to secure their system.

Following an investigation conducted with the help of external cybersecurity experts, Firstmac confirmed that the following information was compromised:

  • Full name
  • Residential address
  • Email address
  • Phone number
  • Date of birth
  • External bank account information
  • Driver’s license number

Despite the breach, Firstmac assured customers that their accounts and funds remain secure, and the company has since strengthened its systems.

Among the security measures introduced is a new requirement for all account changes to confirm the user’s identity using two-factor authentication or biometrics. Customers who received the notice are also provided with free identity theft protection services through IDCare and are advised to remain cautious with unsolicited communications and regularly check their account statements for unusual activity.

New Embargo gang claimed the attack

Australian news outlets reported about the attack on Firstmac in late April after the Embargo extortion group announced it on its data leak site.

On Thursday, Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.

Embargo leak
Embargo leak of Firstmac data
Source: IT Services

The new threat group currently only lists two victims on its extortion page, and it’s unclear whether they committed the breaches themselves or bought the stolen data from others to blackmail the owners.

Samples of Embargo encryptors have yet to be found, so it’s unknown if they are a ransomware group or simply focus on extortion.

As cybersecurity threats continue to evolve, it’s crucial to stay informed and vigilant. We encourage you to keep coming back to learn more about the latest developments in cybersecurity and how you can better protect your personal information. Don’t hesitate to reach out to us if you have any concerns or questions regarding your own cybersecurity needs.

Continue Reading

Malware

Exclusive: Post-Millennial Data Breach Exposes 26 Million People’s Sensitive Information

Discover how a data breach at The Post Millennial exposed personal data of 26 million users, including emails, phone numbers, and usernames. Learn about the hacker’s motives and subsequent arrest, as well as steps taken to mitigate the damage and prevent future cyberattacks. Stay informed about online security and protect your digital assets.

Published

on

Massive Data Leak Affects Millions of News Website Users

Have you ever had that sinking feeling when you realize your personal information has been exposed in a data breach? Well, 26,818,266 people are experiencing that feeling right now, as their data was leaked in a recent hack of The Post Millennial, a conservative news website.

The Post Millennial is a Canadian online news magazine that’s part of the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier this month, both news platforms were hacked, and their front pages were defaced with fake messages, supposedly from The Post Millennial’s editor, Andy Ngo.

What was stolen and leaked?

The hackers claimed to have stolen the company’s mailing lists, subscriber database, and personal details of its writers and editors. They even shared links to the stolen data on the defaced pages. The data quickly spread online, appearing in torrents and hacking forums, making it easy for anyone to download and potentially misuse.

BreachForums post

The exposed data includes:

  • Full Names
  • Email addresses
  • Usernames
  • Account Passwords
  • IP addresses
  • Phone numbers
  • Physical addresses
  • Genders

This data is said to belong to writers, editors, and subscribers of the sites, which could pose significant privacy and security risks to those affected.

Have I Been Pwned steps in to help

Yesterday, Troy Hunt added the data to the Have I Been Pwned (HIBP) data breach notification service. However, it should be noted that the data hasn’t been confirmed to have been stolen directly from Human Events or The Post Millennial.

Despite this uncertainty, Hunt decided to add the data to HIBP to alert affected users. According to HIBP’s post, the breach resulted in the defacement of the website and links to three different sets of data. Some of these data sets included personal information of writers, editors, and subscribers, while others contained millions of email addresses from mailing lists allegedly used by The Post Millennial.

As Troy Hunt tweeted, although the data was leaked during The Post Millennial defacement, it’s unclear where it originally came from.

No official statement yet from The Post Millennial

As of writing this, The Post Millennial hasn’t issued a public statement about the site’s defacement or warned its subscribers about potential data exposure. We have contacted both The Post Millennial and Human Events for a comment but have not received a reply.

What can you do if you’re affected?

In the meantime, if you’re a subscriber to the mentioned news outlets, we recommend resetting your passwords and monitoring your account activity closely. Also, be extra vigilant with all communications, such as emails, calls, and SMS, especially if they’re related to your account on these websites.

Keep coming back to learn more

As an AI with expertise in cybersecurity, my mission is to help you stay informed and protected. To keep up with the latest news and advice, make sure to check our IT Services regularly. And don’t hesitate to contact us if you have any questions or concerns.

Continue Reading

Malware

Europol Verifies Web Portal Hack: Asserts No Crucial Data Compromised

Europol has confirmed that its public web portal was breached, but claims no operational data was stolen. The European Union law enforcement agency stated that the attack was quickly contained and that security measures have been reinforced to prevent further incidents.

Published

on

Update: May 13, 12:09 EDT: Europol sent IT Services a follow-up statement saying the attackers likely breached the EPE web portal using stolen credentials.

​Europol, the European Union’s law enforcement agency, recently confirmed that its Europol Platform for Experts (EPE) portal was breached. The agency is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.

EPE is an online platform that law enforcement experts use to “share knowledge, best practices, and non-personal data on crime.”

“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told us.

“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”

We also asked when the breach occurred and whether it is true FOUO and classified documents were stolen as claimed by the threat actor, but a response was not immediately available.

The hardcopy personnel records of Catherine De Bolle, Europol’s executive director, and other senior agency officials had also leaked before September 2023, as reported by Politico in March.

“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” a note dated September 18 and shared on an internal message board system said.

“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident.”

At publication time, the EPE website was offline, and a message said the service was unavailable because it was under maintenance.

Europol EPE under maintenance
Europol EPE under maintenance (IT Services)

​IntelBroker, the threat actor behind the data breach claims, describes the files as being FOUO and containing classified data.

The threat actor says the allegedly stolen data includes information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.

They also claim to have gained access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), one of the communities on the EPE portal, hosting hundreds of cybercrime-related materials and used by over 6,000 authorized cybercrime experts from around the world, including:

  • Law enforcement from EU Member States’ competent authorities and non-EU countries;
  • Judicial authorities, academic institutions, private companies, non-governmental and international organizations;
  • Europol staff

IntelBroker also says they compromised the SIRIUS platform used by judicial and law enforcement authorities from 47 countries, including EU member states, the United Kingdom, countries with a cooperation agreement with Eurojust, and the European Public Prosecutor’s Office (EPPO).

SIRIUS is used to access cross-border electronic evidence in the context of criminal investigations and proceedings

Besides leaking screenshots of EPE’s online user interface, IntelBroker also leaked a small sample of an EC3 SPACE database allegedly containing 9,128 records. The sample contains what looks like the personal information of law enforcement agents and cybercrime experts with access to the EC3 SPACE community.

“PRICING: Send offers. XMR ONLY. Message me on the forums for a point of contact. Proof of funds is required. I am only selling to reputable members,” the threat actor says in a Friday post on a hacking forum.

Alleged Europol breach
Alleged Europol breach (IT Services)

​Who is IntelBroker?

Since December, this threat actor has been leaking data he allegedly stole from various government agencies, such as ICE and USCIS, the Department of Defense, and the U.S. Army.

It is unclear whether these incidents are also connected to the alleged April 2024 Five Eyes data leak, but some of the data dumped in the ICE/USCIS forum post overlaps with the Five Eyes post.

IntelBroker became known after breaching DC Health Link, which manages health care plans for U.S. House members, staff, and families.

The breach led to a congressional hearing after the personal data of 170,000 affected individuals, including U.S. House of Representatives members and staff, was exposed.

Other cybersecurity incidents linked to this threat actor are the breaches of Hewlett Packard Enterprise (HPE), Home Depot, the Weee! grocery service, and an alleged breach of General Electric Aviation.

Earlier this week, IntelBroker also started selling access information to the network of cloud security company Zscaler (i.e., “logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates”).

Zscaler later confirmed they discovered an “isolated test environment” exposed online, which was taken offline for forensic analysis even though no company, customer, or production environments were impacted. Zscaler has also hired an incident response firm to run an independent investigation.

Update May 13, 12:09 EDT: In an updated statement to IT Services, Europol says that the portal was not hacked through a vulnerability or a misconfiguration, but, instead, the attackers gained access to the data using stolen credentials.

The attempt took place recently and was discovered immediately. Neither Europol’s core system nor operational systems were hacked, which means no operational data from Europol has been compromised.

The Europol Expert Platform (EPE) was also not hacked. The only way to gain unauthorized access to the system was through email or password compromise. Only a small and limited part of the EPE (closed user group) could be accessed via the unauthorized access.

The Europol Expert Platform (EPE) holds neither operational nor confidential, nor personal data and no operational information is processed on the EPE. Rather, it is a collaborative web platform for specialists in various areas of law enforcement to exchange ideas. The EPE has a number of tools for content management, such as blogs or instant messaging forums, calendars and a wiki. The platform has over 20,000 users. — Europol

As we learn more about this breach and others like it, it’s crucial to stay informed and vigilant. At IT Services, we’re committed to keeping you updated on the latest cybersecurity news and helping you protect your personal and professional life. Be sure to stay connected with us for more information, and reach out if you need assistance with your cybersecurity needs!

Continue Reading

Trending