Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Posts 1.9 Million Pixlr User Records For Free On Forum

Hacker Posts 1.9 Million Pixlr User Records For Free On Forum

A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.

Pixlr is a very popular and free online photo editing application with many of the same features found in a professional desktop photo editor like Photoshop. While Pixlr offers basic editing tools for free, the site also provides premium memberships that include more advanced tools, stock photos, and other features.

Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.

Pixlr database leaked for free

ShinyHunters is a threat actor well-known for hacking into websites and selling stolen user databases in private sales or via data breach brokers. In the past, ShinyHunters has been responsible for data breaches at TokopediaHomechefMintedChatbooksDavePromoMathwayWattpad, and many more.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

The alleged Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information.

Sample of records in the database

ShinyHunters stated he downloaded the database from the company’s AWS bucket at the end of 2020.

After sharing the database, many other threat actors who frequent the hacker forum shared their appreciation as attackers could use the data for their malicious activities.

While Pixlr has not responded to our email about the leaked database, BleepingComputer has confirmed that many of the email addresses in the database are registered Pixlr members.

What should Pixlr users do now?

As some of the exposed data is confirmed as accurate, it does appear to be a legitimate breach.

It is strongly suggested that all Pixlr users immediately change their passwords on the site out of an abundance of caution. Users should use a unique and strong password that is not used at any other site.

If the same password at Pixlr is used at other sites, you should change your password at these sites and one unique for the site.

A password manager is recommended to help you manage the unique passwords you use at different sites.

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

Update 1/20/2021: Article was updated to include the correct number of user records. Originally, we stated 1.4 million user records, but the actual number is 1.9 million.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us