Cutout.Pro, an AI-powered photo and video editing platform, has suffered a massive data breach that compromised the personal information of 20 million users. The breach, disclosed by a cybercriminal using the alias ‘KryptonZambie’ on a hacking forum, exposed sensitive details such as email addresses, hashed passwords, API access keys, and user IP addresses. Although Cutout.Pro has not issued an official statement verifying the breach, data monitoring service Have I Been Pwned (HIBP) confirmed the incident and added it to its catalog, listing nearly 20 million affected individuals.
The leaked dataset, comprising 41.4 million records, includes various user details such as profile pictures, account creation dates, mobile phone numbers, and account status. Moreover, the cybercriminal responsible for the breach retains access to the compromised system, heightening concerns regarding the ongoing security implications for affected users. Given the potential for brute-force attacks on the leaked password hashes and the increased risk of targeted phishing scams, affected individuals are strongly advised to reset their passwords promptly on Cutout.Pro and any other platforms where identical credentials may have been used.
The threat actor has also shared the stolen data on a personal Telegram channel, which widens its circulation and increases the likelihood of further exploitation. Furthermore, the use of relatively weak MD5 password hashes underscores the urgent need for enhanced security measures, particularly the adoption of more robust password-hashing algorithms like bcrypt. As users navigate the aftermath of this breach, heightened vigilance against phishing attempts and proactive password management are crucial steps in safeguarding personal information and mitigating the risks of further compromise.