Freepik Company, a graphics resources company headquartered in Europe, recently notified approximately 8.3 million users of a security breach affecting two of its brands, Freepik and Flaticon. The breach was due to a SQL injection in Flaticon that allowed an attacker to obtain some users’ information from the company’s database.
James McQuiggan, Security Awareness Advocate with KnowBe4, said, “SQL Injection is the top item on the OWASP (Open Web Application Security Project) Top 10 list for protecting websites and website applications. The reason is that it's the most common attack and usually one of the first things that cybercriminals will try when attempting to breach a website.”
While Freepik Co. determined that the attack extracted the email and, when available, the password hash of some users, it clarified that the password hash can’t be used to log into accounts.