Free photos, graphics site Freepik discloses data breach impacting 8.3m users


Freepik, a website dedicated to providing access to high-quality free photos and design graphics, has disclosed today a major security breach.

The company made it official after users started grumbling on social media this week about receiving shady-looking breach notification emails in their inboxes.

ZDNet reached out to the Freepik Company on Thursday, and while we have not heard back before this article’s publication, the company formally disclosed a security breach today, confirming the authenticity of the emails it’s been sending to registered users for the past few days.

Hacker used an SQL injection to get in

According to the company’s official statement, the security breach occurred after a hacker (or hackers) used an SQL injection vulnerability to gain access to one of its databases storing user data.

Freepik said the hacker obtained usernames and passwords for the oldest 8.3 million users registered on its Freepik and Flaticon websites.

Freepik didn’t say when the breach took place or when it found out about it. However, the company says it notified authorities as soon as it learned of the incident and began investigating the breach and what the hacker had accessed.

Millions of password hashes were pilfered

As for what was taken, Freepik said that not all users had passwords associated with their accounts, and the hacker only took user emails for some.

The company puts this number at 4.5 million, representing users who used federated logins (Google, Facebook, or Twitter) to log into their accounts.

“For the remaining 3.77M users the attacker got their email address and a hash of their password,” the company added. “For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users the method was salted MD5. Since then we have updated the hash of all users to bcrypt.”

In the process of notifying users

The company said it’s now in the process of notifying all impacted users with customized emails, depending on what was taken. These emails are going out to Freepik and Flaticon users, depending on what service users had registered on. Below are some of these messages, as we received from our readers.



“Those who had a password hashed with salted MD5 got their password canceled and have received an email to urge them to choose a new password and to change their password if it was shared with any other site (a practice that is strongly discouraged),” Freepik said. “Users who got their password hashed with bcrypt received an email suggesting them to change their password, especially if it was an easy to guess password. Users who only had their email leaked were notified, but no special action is required from them.”

Freepik is one of today’s most popular sites on the internet, currently ranked #97 on the Alexa Top 100 sites list. Flaticon is not far behind, ranked #668.

When EQT acquired the Freepik Company at the end of May this year, the company claimed the Freepik service has a community of more than 20 million registered users.

Users registered on Slidesgo, another of the Freepik Company’s websites, don’t appear to have been impacted.
