What Happened
In March 2020, specifically around March 1-22, the stock photo platform 123RF (a Malaysia-based royalty-free image service under Inmagine Group) suffered a data breach when attackers exploited vulnerabilities at its data center to access and exfiltrate a database containing over 8.6 million user records (figures vary slightly across sources from 8.3-8.7 million). The exposed data included usernames, email addresses (including PayPal and Facebook-linked ones), full names, physical addresses, phone numbers, IP addresses, company names, social media links, profile URLs, and MD5-hashed passwords, which were vulnerable to cracking; no financial details were compromised. The stolen dataset, dating back as early as 2006 but with recent entries up to March 2020, surfaced for sale on hacker forums (including a Russian one) in November 2020, prompting 123RF to notify authorities and users, tighten security with stronger passwords and IP detection, and urge password changes.
