A data breach at the AI service Cutout.Pro exposed the personal data of 20 million users, including email addresses, hashed and salted passwords, IP addresses, and names.
Cutout.Pro is an AI-powered photo and video editing platform for image enhancement, background removal, diffusion, colorization, old photo restoration, and content generation.
On Tuesday, a hacker using the alias "KryptonZambie" posted a link on the BreachForums hacking forum to 5.93 GB of data stolen from Cutout.Pro.
The leaked CSV files appear to be a database dump with 41.4 million records, 20 million of which contain unique email addresses.
The victim wasn't aware of the compromise until after the data was released, according to the cybercriminal, who added that they still had access to the breached system.
The data that was leaked, according to samples seen by BleepingComputer, includes the following:
- User ID and profile photo
- API access key
- Date of account creation
- Email address
- User IP address
- Mobile phone number
- Hashed password and salt
- User type and account status
Have I Been Pwned (HIBP), a data breach monitoring and alerting service, added the breach yesterday and confirmed that the leaked dataset contains the data of 19,972,829 people.
Additionally, the threat actor is posting the files to their personal Telegram channel, which results in much wider circulation of the data.
Though Cutout.Pro has not verified the security incident from their side in an official statement, HIBP's founder, Troy Hunt, independently verified several matches from the leaked email addresses and confirmed that password reset requests went through.
BleepingComputer confirmed yesterday that the emails listed in the data leak correspond to legitimate Cutout.Pro users.
BleepingComputer emailed the business today and yesterday, but it never responded. Hunt claims to have made similar attempts to contact the service provider.
If you have used Cutout.Pro before, you are advised to reset your password right away on the service and on any other online platforms where you might be using the same credentials.
By modern standards, MD5 password hashes are relatively simple to crack, and more secure algorithms like bcrypt have taken their place. It is therefore possible for threat actors to brute-force the password hashes that have been leaked.
Additionally, all Cutout.Pro users should be on the lookout for phishing scams that target them and seek additional information.
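
As an added example (not code from the article or from Cutout.Pro), the sketch below shows one way a service holding salted MD5 hashes can move to a slow hash: wrap each stored digest in scrypt offline, then rehash directly on the next successful login. scrypt from Python's standard library stands in for bcrypt here, and the legacy layout MD5(salt || password), the cost parameters, and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for illustration; tune them for your hardware.
PARAMS = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def legacy_md5(password: str, salt: bytes) -> str:
    """Assumed legacy scheme: hex(MD5(salt || password))."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def wrap_legacy(md5_hex: str) -> dict:
    """Offline upgrade: wrap the stored MD5 digest in scrypt, no password needed."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(md5_hex.encode(), salt=salt, **PARAMS)
    return {"scheme": "scrypt-md5", "salt": salt, "hash": digest}


def hash_new(password: str) -> dict:
    """Target scheme: scrypt over the password itself, MD5 no longer involved."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **PARAMS)
    return {"scheme": "scrypt", "salt": salt, "hash": digest}


def login(password: str, legacy_salt: bytes, record: dict):
    """Verify a password; on success return (True, record), rehashed if wrapped."""
    if record["scheme"] == "scrypt-md5":
        material = legacy_md5(password, legacy_salt).encode()
    else:
        material = password.encode()
    digest = hashlib.scrypt(material, salt=record["salt"], **PARAMS)
    if not hmac.compare_digest(digest, record["hash"]):  # constant-time compare
        return False, record
    if record["scheme"] == "scrypt-md5":
        record = hash_new(password)  # drop the MD5 layer once the password is seen
    return True, record


if __name__ == "__main__":
    # Constructed sample account, not data from the breach.
    legacy_salt = b"constructed-salt"
    stored = wrap_legacy(legacy_md5("correct horse", legacy_salt))
    print(login("wrong guess", legacy_salt, stored)[0])   # False
    ok, stored = login("correct horse", legacy_salt, stored)
    print(ok, stored["scheme"])                           # True scrypt
```

Wrapping only hardens the copy held in the database from that point on; hashes that have already leaked keep their original form, so the password reset advised above is still needed.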