CutOut.Pro, an AI-powered platform specializing in image and video editing, faced a hacker’s claim of a data breach on February 27, 2024.
An individual who identifies themselves as KryptonZambie has come forward, claiming that they have successfully breached CutOut.Pro, a Singapore-based platform known for its AI-powered tools catering to visual design and content creation, particularly in the domain of image and video editing.
The data trove extracted from the breach has been leaked on notorious cybercrime and hacker forums, including Breach Forums, and is currently circulating within Russian language forums.
What’s in the data?
Regarding the contents of the leaked data, an in-depth analysis conducted by Hackread.com reveals that the records comprise the following information:
- Full names
- IP addresses
- Email addresses
- Password hashes
- Data of account sign-up
Contrary to the hacker’s claims in their listing, the analysis conducted by Hackread indicates that the leaked data does not include phone numbers, API access, or app keys.
CutOut.Pro Response to Hackread.com
Hackread.com has been monitoring the situation since the hacker’s disclosure on February 27th, 2024, and thereupon reached out to CutOut.Pro for their perspective. The company’s marketing department responded the following day, denying any evidence of a data breach and labelling the leak as a “clear scam.”
In addition, the company refuted the hacker’s claims by stating that they “never received any emails from users stating that their accounts have been hacked or their information leaked.”
However, Hackread.com provided a sample of the data to that department and emphasized that users might not have contacted the company due to the encrypted nature of passwords on CutOut.Pro. This encryption could potentially prolong the process for hackers attempting to decipher the passwords.
Following the exchange of information, Hackread.com did not receive further communication from CutOut.Pro regarding the matter.
Does the data belong to CutOut.Pro?
While CutOut.Pro has not officially confirmed the authenticity of the data breach, evidence suggests that the breach is legitimate and the data likely belongs to CutOut.Pro. This conclusion is supported by the presence of numerous email addresses hosted on @CutOut.Pro domains within the leaked data.
We also verified 20 email addresses from the leak by attempting to register them on the CutOut.Pro website. All 20 attempts prompted a message indicating that the address was already registered.
Furthermore, the fact that Have I Been Pwned has indexed the data on its platform adds weight to the likelihood of the breach affecting CutOut.Pro users. As a precautionary measure, users with accounts on CutOut.Pro are advised to change their passwords on the platform and also update their email passwords.
Additionally, users should remain alert for phishing attempts that may masquerade as communications from CutOut.Pro. These emails could be designed to deceive users into disclosing their login credentials, posing a risk to their security.
For insights, we reached out to Nick Tausek, Lead Security Automation Architect at Swimlane, who stated: “This incident reaffirms the need for organizations that manage the sensitive personal information of millions of individuals to prioritize cybersecurity, shifting from a reactive to a proactive approach. By utilizing automated platforms, security teams can eliminate the need for complex coding, standardize threat detection and alert monitoring, and provide visibility across systems.”
Not the first time
This isn’t the first time CutOut.Pro has made headlines for the wrong reasons. In February 2023, one of their Elasticsearch servers spilled a whopping 9 GB of customer data. Within that data were over 22 million log entries, mentioning usernames for both individual users and business accounts.
The server also housed details about user credits, serving as a virtual in-game currency, and links to Amazon S3 buckets where generated images were stored.
Rising Incidents of Data Breaches
The beginning of 2024 has witnessed a noticeable uptick in data breaches affecting diverse sectors, including corporate entities and governmental organizations. On February 23, 2024, a threat actor using the alias IntelBroker leaked 2.4 million records belonging to private plane owners linked to the Los Angeles International Airport.
Just recently, Infosys disclosed a breach that affected more than 57,000 Bank of America customers. In the initial weeks of the same month, two prominent US insurance firms, Washington National Insurance Company and Bankers Life and Casualty Company, reported breaches stemming from SIM-swapping incidents, impacting over 66,000 customers collectively.
In January, Jason’s Deli fell victim to a significant breach, exposing the personal details of over 344,000 users due to a successful credential-stuffing attack. Simultaneously, hackers targeted Indian ISP Hathway, compromising the personal information and KYC records of over 4 million unsuspecting customers.