{ "id": "5b24ee0d-669a-4334-8ce3-399fd65bcf52", "created_at": "2026-04-06T03:35:49.267349Z", "updated_at": "2026-04-10T13:12:38.469696Z", "deleted_at": null, "sha1_hash": "993a6561ddc970690d5bb473ccfbb04124a69034", "title": "Hacker posts 1.9 million Pixlr user records for free on forum", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3184073, "plain_text": "Hacker posts 1.9 million Pixlr user records for free on forum\r\nBy Lawrence Abrams\r\nPublished: 2021-01-20 · Archived: 2026-04-06 03:14:59 UTC\r\nA hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing\r\nand credential stuffing attacks.\r\nPixlr is a very popular and free online photo editing application with many of the same features found in a professional\r\ndesktop photo editor like Photoshop. While Pixlr offers basic editing tools for free, the site also provides premium\r\nmemberships that include more advanced tools, stock photos, and other features.\r\nOver the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was\r\nstolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company,\r\nInmagine.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nPixlr database leaked for free\r\nShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via\r\ndata breach brokers. In the past, ShinyHunters has been responsible for data breaches at Tokopedia, Homechef, Minted,\r\nChatbooks, Dave, Promo, Mathway, Wattpad, and many more.\r\nThe alleged Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login\r\nnames, SHA-512 hashed passwords, a user's country, whether they signed up for the newsletter, and other internal\r\ninformation.\r\nSample of records in the database\r\nShinyHunters stated he downloaded the database from the company's AWS bucket at the end of 2020.\r\nAfter sharing the database, many other threat actors who frequent the hacker forum shared their appreciation as attackers\r\ncould use the data for their malicious activities.\r\nWhile Pixlr has not responded to our email about the leaked database, BleepingComputer has confirmed that many of the\r\nemail addresses in the database are registered Pixlr members.\r\nWhat should Pixlr users do now?\r\nAs some of the exposed data is confirmed as accurate, it does appear to be a legitimate breach.\r\nIt is strongly suggested that all Pixlr users immediately change their passwords on the site out of an abundance of caution.\r\nUsers should use a unique and strong password that is not used at any other site.\r\nIf the same password at Pixlr is used at other sites, you should change your password at these sites and one unique for the\r\nsite.\r\nA password manager is recommended to help you manage the unique passwords you use at different sites.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/\r\nPage 3 of 4\n\nUpdate 1/20/2021: Article was updated to include the correct number of user records. Originally, we stated 1.4 million user\r\nrecords, but the actual number is 1.9 million.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/\r\nhttps://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/" ], "report_names": [ "hacker-posts-19-million-pixlr-user-records-for-free-on-forum" ], "threat_actors": [ { "id": "c071c8cd-f854-4bad-b28f-0c59346ec348", "created_at": "2023-11-08T02:00:07.132524Z", "updated_at": "2026-04-10T02:00:03.422366Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "MISPGALAXY:ShinyHunters", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2", "created_at": "2025-10-24T02:04:50.086223Z", "updated_at": "2026-04-10T02:00:03.770068Z", "deleted_at": null, "main_name": "GOLD CRYSTAL", "aliases": [ "Scattered LAPSUS$ Hunters", "ShinyCorp", "ShinyHunters" ], "source_name": "Secureworks:GOLD CRYSTAL", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "d8dff631-87b0-4320-8352-becff28dbcf1", "created_at": "2022-10-25T16:07:24.565038Z", "updated_at": "2026-04-10T02:00:05.034516Z", "deleted_at": null, "main_name": "ShinyHunters", "aliases": [], "source_name": "ETDA:ShinyHunters", "tools": [], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775446549, "ts_updated_at": 1775826758, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/993a6561ddc970690d5bb473ccfbb04124a69034.pdf", "text": "https://archive.orkl.eu/993a6561ddc970690d5bb473ccfbb04124a69034.txt", "img": "https://archive.orkl.eu/993a6561ddc970690d5bb473ccfbb04124a69034.jpg" } }