AI Platform, Cutout.pro, data breach exposed 20 million records

March 2, 2024


On Tuesday, February 27th, a cybercriminal using the alias KryptonZambie shared a link on the BreachForums hacking forum to leaked data from Cutout.pro, an AI-based website. The dump is about 9GB and contains 41.4 million records related to 20 million users; however, the real number of affected users is not clear.


The leaked information includes:

  • User ID
  • Email address
  • User IP
  • Mobile phone number
  • Profile picture
  • API access key
  • Account creation date
  • Password (hashed)
  • Salt used in hashing
  • User type
  • Account status
  • Requested images or videos

HackCheck has quickly indexed these records, allowing you to check if your data is included in the leaked records by using HackCheck’s Data breach search engine dashboard.

Accounts belonging to the image editing apps Vivid App and AYAYA were also in the open database; Cutout.pro lists both service providers on its website as customers.

Cutout.pro is an AI-based platform that offers visual services such as removing backgrounds and editing pictures for several purposes. The website was founded in 2018, and businesses and individuals have been using it since then. The company behind the website, Describli, is a software development company based in Hong Kong that specializes in software solutions for graphic design.

Although it is not clear how the Cutout.pro data was breached, according to the Cybernews team an Elasticsearch instance was not properly configured, allowing anyone to perform CRUD (Create, Read, Update, Delete) operations. The open Elasticsearch instance gave attackers a chance to carry out a denial of service (DoS) attack. Cybercriminals could have ended up using it as an initial access point to enter the database.
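The following is an added example, not code from Cybernews, Cutout.pro or HackCheck: a small Python check that an operator could run over an `elasticsearch.yml` file to catch the kind of exposure described above. The article does not say which settings were wrong, so the example assumes the common pattern of authentication not being enabled on a node bound to a non-loopback address; the function names and both sample configurations are constructed.

```python
# Added example: lint elasticsearch.yml text for unauthenticated exposure.
# Function names and both sample configs are constructed for illustration.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "_local_"}

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' style of elasticsearch.yml (no nesting)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def bind_hosts(settings):
    """Addresses the HTTP API binds to; Elasticsearch defaults to loopback."""
    raw = settings.get("http.host") or settings.get("network.host") or "_local_"
    return [h.strip().strip("\"'") for h in raw.strip("[]").split(",") if h.strip()]

def audit(text):
    """Return (severity, setting, message) findings for one config file."""
    s = parse_flat_yaml(text)
    exposed = [h for h in bind_hosts(s) if h not in LOOPBACK]
    worst = "critical" if exposed else "warning"
    findings = []
    security = s.get("xpack.security.enabled", "unset").lower()
    if security != "true":
        # An unset key is reported too: the default depends on the version.
        findings.append((worst, "xpack.security.enabled",
                         f"authentication is {security}; bound to {bind_hosts(s)}"))
    if s.get("xpack.security.authc.anonymous.roles"):
        findings.append((worst, "xpack.security.authc.anonymous.roles",
                         "unauthenticated requests are granted roles"))
    if exposed and s.get("xpack.security.http.ssl.enabled", "unset").lower() != "true":
        findings.append(("warning", "xpack.security.http.ssl.enabled",
                         "REST API served without TLS on a non-loopback address"))
    return findings

WEAK = "network.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = """\
network.host: 10.0.0.5                  # constructed private address
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
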

The leaked data can cause several problems for users, as people might have uploaded private images of themselves to this platform. It can also lead to a loss of confidence among businesses that have been using this platform for their customers, adding to the ever-increasing cost of data breaches.

Users are advised to change their passwords, as the passwords were stored as MD5 hashes, which are easier to crack with today's technology. Consider creating a strong and unique password to avoid further issues. Users should also change their passwords on other online platforms where they have used the same credentials, and be cautious about phishing emails.



Copyright 2023 Hackcheck.io. All rights reserved.