Image stock site 123RF hacked; 8.3M user database leaked

According to our analysis, 123RF suffered a data breach earlier this year in March and leaked on a hacker forum on November 8th.

According to our analysis, 123RF suffered a data breach earlier this year in March while its database was leaked on a hacker forum on November 8th.

The highly popular Image stock site has been hacked and as a result, its database with 8.3 million users has been leaked on an infamous hacker forum for download.

123RF is part of Chicago, Illinois based Inmagine Group. The website is an industry giant known for selling royalty-free images to customers which include individuals and businesses around the globe. The service has more than 12 million active users.

The database has been seen and analyzed by and it can be confirmed that it contains the following:

Full names
User names
IP addresses
Phone numbers
Email addresses
Password hashes
Facebook profile links

Addresses including postcodes
Date of account registration on 123RF
Location including Country, States, and cities 

It can also be confirmed that the database was originally stolen on March 22nd, 2020, and leaked last week on an infamous hacker forum.

Sample data belonging to (Image:

Who hacked 123RF?

The hacker behind the 123RF data breach is the infamous ShinyHunters. The same hacker was behind some of the largest and high profile data breaches in 2020 including:

WattPad – 271 million accounts leaked

Dunzo – 11GB worth of data leaked – 7 million accounts leaked

Bhinneka – 1 million+ accounts leaked

Minted – 5 million accounts leaked

ProctorU – 444,267 accounts leaked

Tokopedia – 91 million accounts leaked

Couchsurfing – 17 million accounts leaked

Mashable – 5.22GB worth of database leaked

Animal Jam – 46 million user accounts leaked

What’s next for users?

The data breach is massive and contains both sensitive and personal data. What’s worse is that the leaked password hashes are in the MD5 algorithm which is easy to crack. Therefore, if you are a 123RF user it is advised that you change your email and account password right now.

Since the database also contains Facebook profile links of users along with their email address it can be a perfect opportunity for web scrappers to collect this data and sell it to advertisers. Furthermore, the presence of phone numbers in the database can also lead to SMS Phishing and Sim Swapping attacks

Has 123RF acknowledged the breach?

Although 123RF has confirmed suffering data breach to another publication, was the very first publication to alert the company of the incident but did not receive any statement from them whatsoever.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts