Skip to Content
© Sharaf Maksumov | Dreamstime.com
Security & privacy

1.9 million records leaked after online photo editor hacked

There are tons of easy-to-use photo editing apps available. Whether you’re looking for a quick glow-up from the Facetune app or need an app that can help you create the perfect image, you’ve got plenty of options.

One of the best free online editors that we’ve recommended in the past is Pixlr. This free photo editor offers a ton of helpful tools. But a recent hack gave cybercriminals access to millions of users’ records, which could lead to some pretty serious issues.

Given that we have recommended this app before, we wanted to bring these potential problems to your attention. Here’s what happened with the data leak and what you can do to protect yourself if your information was compromised.

The Pixlr photo editor breach

Pixlr has always been known as one of the better photo editing apps, in major part because it offers similar features and tools found in professional photo editing programs like Photoshop. The difference is that Pixlr offers many of those tools for free while also offering a wide array of premium tools for paid members.

Those free tools have helped launch Pixlr to the top of the app charts, but a recent hack has caused serious issues. A hacking group recently gained access to Pixlr’s site, leaking about 1.9 million Pixlr users’ records with information that could put them at risk.

The group behind the hack is known as ShinyHunters, and it’s been notorious for hitting all kinds of businesses in the past. We’ve covered issues with them before. Tap or click here for a recent example of its hacks.

This time around, the group targeted Pixlr, and the sheer amount of user information leaked is astounding. Not only did they leak information from nearly 2 million user accounts, but this information could end up being used to perform targeted phishing and credential stuffing attacks.

Related: Say cheese! 10 best photo editing apps for Android

This information was leaked over the weekend via a database that was posted on a hacker forum. According to the post, Pixlr was compromised while the hackers breached the 123rf stock photo site. Inmagine owns both Pixlr and 123rf.

It appears the database shared on the site contains a ton of user information that could be mined for other uses. The database contains approximately 1,921,141 user records and includes information on email addresses, login names, SHA-512 hashed passwords, the user’s country and other internal information.

Unsurprisingly, the hackers’ response on the forum was that the information in the database could help pull off all sorts of cybercrime. Information in these types of data leaks is often used for a wide range of digital crimes — from phishing to identity theft or to access other personal accounts.

If you’re a Pixlr user, you need to be aware of the potential for your information to be on this list. Tons of risks come with your personal information being made public across the web, so if you’re concerned, you need to take steps to protect yourself.

What to do if your data was breached

If you’re a Pixlr user, the first thing you need to do is check whether your personal information was shared as part of the leak. That’s simple to do by inputting your information into a site like HaveIBeenPwned, which checks your information against recent data breaches in its system. F-Secure is another good option.

You should also change your Pixlr account password. Do this whether or not your information was listed as part of the data leak. Use a strong password, and don’t repeat the password from account to account. Tap or click here for help creating strong passwords.

Make sure you also change the password to your email account. This can be easily overlooked when you’re changing app and bank account passwords, but you don’t want someone else getting access to your inbox. There’s too much valuable information in there to risk it.

You may also want to set up two-factor authentication for all accounts that offer it. This two-step login process makes it difficult for cybercriminals to access your accounts. Tap or click here to see how to set up 2FA.

Stop robocalls for good with Kim’s eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook