What Happened
In February 2024, Cutout.Pro, an AI-powered photo and video editing platform, suffered a major data breach when a threat actor using the alias “KryptonZambie” leaked 20 million user records on the BreachForums hacking forum. The breach exposed a 5.93 GB database containing approximately 41.4 million records with sensitive personal information including email addresses, hashed and salted passwords, IP addresses, names, user IDs, profile pictures, account creation dates, mobile phone numbers, and API access keys. The attacker claimed to still have access to Cutout.Pro’s systems at the time of disclosure and distributed the stolen data across multiple Telegram channels. While Cutout.Pro initially denied the breach claims, independent verification by cybersecurity researchers at Bleeping Computer and Troy Hunt (founder of Have I Been Pwned) confirmed the legitimacy of the leaked data through password reset validation and matching email addresses.
