A couple of days ago, Experian announced that it had suffered a data breach affecting 24 million customers. Following this, Freepik has announced a massive data leak affecting users of both of its platforms, Freepik.com and Flaticon.com. Freepik is a well-known platform for designers that provides free graphic resources. Flaticon, which Freepik owns, claims to be the most extensive database of free icons. According to its statement, Freepik has disclosed that a hacker exploited an SQL vulnerability that enabled them to steal the data of 8.3 million users from both platforms at the same time.
The data stolen in the breach includes email addresses and password hashes. For some users, however, the leaked information consists solely of their email addresses or the social media tokens they use to log in to both websites. Freepik explained the following in its statement:
Out of these 8.3M users, 4.5M had no hashed password because they used exclusively federated logins (with Google, Facebook and/or Twitter), and the only data the attacker obtained from these users was their email address.
For the remaining 3.77M users, the attacker got their email address and a hash of their password. For 3.55M of these users, the method to hash the password is bcrypt, and for the remaining 229K users, the method was salted MD5. Since then, we have updated the hash of all users to bcrypt.
The company further said that it has asked the affected users to change their passwords on both websites, as well as on any other sites where they might have signed up with the same credentials. It would not be surprising if the leaked Flaticon and Freepik database showed up "for sale" on dark web markets or was leaked on hacker forums.
The Freepik and Flaticon breach is not the only one of its kind: another online graphic design tool, Canva, also suffered a data leak, in which 139 million user accounts were compromised and put up on dark web forums. More recently, a hacker going by the name "ShinyHunters" leaked dozens of databases stolen from well-known companies, including:
- Bhinneka – 1 million+ accounts breached
- Couchsurfing – 17 million accounts breached
- Dave.com – 7 million accounts breached
- Dunzo – 11GB worth of data breached
- Minted – 5 million accounts breached
- ProctorU – 444,267 accounts breached
- Tokopedia – 91 million accounts breached
- WattPad – 271 million accounts breached
The company has also advised users to keep an eye on their accounts and to secure them with two-factor authentication (2FA).