3 December 2024

Data Breach at Cutout.Pro: Personal Information of 20 Million Users Leaked


Cutout.Pro, an AI-powered image and video editing platform, has suffered a data breach that exposed the personal information of 20 million users. The breach has revealed sensitive details such as email addresses, hashed and salted passwords, IP addresses, and user names.

Cutout.Pro is widely known for its advanced features in photo and video editing, including background removal, image enhancement, colorizing, and restoration of old photographs. On Tuesday, a hacker using the alias “KryptonZambie” posted a link on BreachForums, a notorious hacking platform, to files amounting to 5.93 GB of stolen data.

The stolen data, shared in CSV format, includes 41.4 million records. Out of these, 20 million records consist of unique email addresses. This massive leak contains what is suspected to be a database dump, exposing a variety of user information.

Additionally, the hacker claimed to have continued access to Cutout.Pro’s system, indicating that the platform might still be vulnerable to further breaches. This suggests that the company had not yet identified or fixed the breach when the data was released.

The leaked data includes:

  • User ID and profile pictures
  • API access keys
  • Account creation dates
  • Email addresses
  • IP addresses
  • Mobile phone numbers
  • Salted and hashed passwords
  • User type and account status

The hacker has also distributed the stolen files through their personal Telegram channel, causing the data to spread more rapidly across the internet.

While Cutout.Pro has yet to issue an official statement acknowledging the breach, Troy Hunt, the founder of Have I Been Pwned (HIBP), independently verified that some of the leaked email addresses were legitimate. Password reset requests for these email addresses were successfully processed, further confirming the authenticity of the leak.

BleepingComputer, a prominent tech news website, has also confirmed that the leaked data contains legitimate user information. The website reached out to Cutout.Pro on multiple occasions, but there has been no response from the company so far. Hunt also made similar attempts to contact the company, but received no replies.

For anyone who has used Cutout.Pro in the past, it is highly recommended to reset your password immediately. This is especially important if you have reused the same password on other platforms. Modern password-cracking techniques can easily break older hashing algorithms like MD5, which is why services that store passwords need to switch to more secure hashing methods like bcrypt.
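For operators, one way to make that switch without forcing a mass reset is to re-hash each password at the next successful login. This is an added example, not code from the article or from Cutout.Pro; the record layout, the salt-then-password MD5 scheme and the function names are assumptions, and scrypt from Python's standard library stands in for bcrypt so the block runs without third-party packages.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; tune them for the login servers' hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_md5(password: str, salt: bytes) -> str:
    """Legacy scheme assumed for this example: hex MD5 over salt || password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def scrypt_hash(password: str, salt: bytes) -> str:
    """Slow, memory-hard hash (standard-library stand-in for bcrypt)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=32).hex()


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login attempt; rewrite a legacy record in place on success."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "scrypt":
        return hmac.compare_digest(scrypt_hash(password, salt), record["hash"])
    if record["scheme"] == "md5":
        if not hmac.compare_digest(legacy_md5(password, salt), record["hash"]):
            return False
        # The plaintext is only available at login, so re-hash it now with a
        # fresh salt and overwrite the MD5 value so it is no longer stored.
        new_salt = os.urandom(16)
        record.update(scheme="scrypt", salt=new_salt.hex(),
                      hash=scrypt_hash(password, new_salt))
        return True
    return False  # unknown scheme: fail closed


def make_legacy_record(password: str) -> dict:
    """Build a constructed sample record in the assumed legacy format."""
    salt = os.urandom(16)
    return {"scheme": "md5", "salt": salt.hex(),
            "hash": legacy_md5(password, salt)}


if __name__ == "__main__":
    rec = make_legacy_record("constructed-sample-password")
    print(verify_and_upgrade(rec, "wrong guess"), rec["scheme"])
    print(verify_and_upgrade(rec, "constructed-sample-password"), rec["scheme"])
```

Accounts that never log in again keep their legacy hash under this approach, so those records still need a forced reset or expiry.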

Moreover, Cutout.Pro users should stay vigilant against phishing attacks that may follow the breach. Scammers often take advantage of such situations to collect more personal information through targeted email scams.

In conclusion, while Cutout.Pro has not officially responded to the breach, users should take necessary precautions to safeguard their accounts and personal data. The widespread availability of the stolen data could have long-term consequences for those affected by the breach.