{
	"id": "68b8268c-96cc-4f67-a449-650f4940fae0",
	"created_at": "2026-04-06T00:08:36.124653Z",
	"updated_at": "2026-04-10T13:12:42.222264Z",
	"deleted_at": null,
	"sha1_hash": "01ab91ce36ab5006c0b342dc3fac54162f68b3dc",
	"title": "Popular stock photo service hit by data breach, 8.3M records for sale",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 890026,
	"plain_text": "Popular stock photo service hit by data breach, 8.3M records for sale\r\nBy Lawrence Abrams\r\nPublished: 2020-11-12 · Archived: 2026-04-05 14:03:22 UTC\r\nStock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records\r\non a hacker forum.\r\n123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites,\r\nprinted content, and videos. According to SimilarWeb, 123RF receives over 26 million visitors per month.\r\nOver the past weekend, a known data breach broker began selling a database containing 8.3 million user records stolen from\r\n123RF.com during a data breach.\r\nhttps://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n123RF database sold on a hacker forum\r\nFrom the samples of the database seen by BleepingComputer, the stolen data includes a 123RF members' full name, email\r\naddress, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no\r\nfinancial information stored in the database.\r\nSample of the stolen 123RF user database\r\n123RF confirms data breach\r\nAfter emailing 123RF earlier this week, BleepingComputer received an email from Inmagine Group, the owner of 123RF,\r\nstating that a server located at their data center was breached and the hackers \"proceeded to copy the membership data.\"\r\nBased on the site of the sold database, Inmagine Group states that the database is likely outdated and is not the latest version\r\nfrom 2020. In the samples seen by BleepingComputer, the newest record date is from October 27th, 2019.\r\nWhile the company states that the passwords are encrypted, the passwords are MD5 hashes. Unfortunately, using online\r\nMD5 cracking tools, BleepingComputer could easily retrieve the plain-text passwords for numerous accounts.\r\nInmagine Group states that they are working with law enforcement and have begun notifying affected 123RF members.\r\n\"We are actively notifying the necessary authorities and 123RF.com members to work with them to remedy the situation. We\r\nare also tightening the security policies to include tighter passwords and IP detection to combat suspicious log-ins.\"\r\n\"Our security infrastructure is always under a constant state of security testing, penetration and development, especially in\r\nthe past year.\"\r\nhttps://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/\r\nPage 3 of 4\n\n\"We wish to reiterate that we take the privacy and data of our customers seriously and have at all times been vigilant with\r\nthe handling of our customer’s data,\" Inmagine Group shared with BleepingComputer.\r\nWhat 123RF customers should do\r\nWhile the passwords leaked in this data breach were hashed, as explained, it is possible to crack the stolen passwords using\r\nbrute force tools, word lists, and even online dehashing sites.\r\nAfter a user's password is cracked, threat actors would be able to use them to log in to other sites you may have an account.\r\nTherefore, if you are a 123RF customer, you should immediately change your password to a strong and unique one.\r\nIf that same password was used at another site, you should change it at any other site that also uses it.\r\nWhen changing your passwords, be sure to use a unique and strong password at every site so that a data breach does not\r\naffect your account at other companies.\r\nA password manager can make it much easier to use unique passwords at every site and is highly recommended.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/\r\nhttps://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/"
	],
	"report_names": [
		"popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale"
	],
	"threat_actors": [],
	"ts_created_at": 1775434116,
	"ts_updated_at": 1775826762,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/01ab91ce36ab5006c0b342dc3fac54162f68b3dc.pdf",
		"text": "https://archive.orkl.eu/01ab91ce36ab5006c0b342dc3fac54162f68b3dc.txt",
		"img": "https://archive.orkl.eu/01ab91ce36ab5006c0b342dc3fac54162f68b3dc.jpg"
	}
}