20 million Cutout.Pro user records leaked on data breach forum

February 29, 2024 at 10:59AM

AI service Cutout.Pro experienced a data breach exposing personal data of 20 million members, including email addresses, passwords, and other sensitive information. The data was shared by a hacker on a hacking forum, and the data monitoring service Have I Been Pwned confirmed the leaked dataset. Cutout.Pro has not officially acknowledged the incident. Users are advised to reset their passwords immediately. There is also concern about phishing scams targeting users.

The AI service Cutout.Pro has experienced a substantial data breach. The breach exposed the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names.

Additionally, the breach involves a database dump consisting of 41.4 million records, with 20 million unique email addresses, as well as a variety of other sensitive user data, including user IDs, profile pictures, API access keys, account creation dates, user IP addresses, and mobile phone numbers. The breach has been confirmed by the data breach monitoring and alerting service Have I Been Pwned.

Despite attempts to contact Cutout.Pro regarding the breach, no response has been received, so users are strongly advised to reset their passwords immediately on the service and on any other platforms where the same credentials have been used. The use of relatively weak MD5 password hashes raises concerns that threat actors will try to crack the leaked password hashes through brute-force methods. There is also a risk of phishing scams targeting Cutout.Pro users to gather further personal information.
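On the service side, the MD5 concern is usually addressed by moving stored hashes to a slow key-derivation function. The sketch below is an added example, not code from Cutout.Pro or the original article; the record layout, the `md5(salt + password)` construction and the PBKDF2 work factor are assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def legacy_md5(password: str, salt: bytes) -> bytes:
    # Assumed legacy scheme md5(salt || password); the page does not state the real format.
    return hashlib.md5(salt + password.encode()).digest()

def _kdf(data: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def wrap_legacy(record: dict) -> dict:
    """Offline migration: wrap a stored MD5 digest in PBKDF2 without knowing the password."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "md5_salt": record["salt"],
            "kdf_salt": kdf_salt, "hash": _kdf(record["hash"], kdf_salt)}

def new_record(password: str) -> dict:
    """Target format: PBKDF2 directly over the password, fresh random salt."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2", "kdf_salt": kdf_salt,
            "hash": _kdf(password.encode(), kdf_salt)}

def verify(password: str, record: dict):
    """Return (ok, record_to_store); a successful login upgrades old schemes."""
    if record["scheme"] == "md5":
        candidate = legacy_md5(password, record["salt"])
    elif record["scheme"] == "pbkdf2(md5)":
        candidate = _kdf(legacy_md5(password, record["md5_salt"]), record["kdf_salt"])
    else:
        candidate = _kdf(password.encode(), record["kdf_salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return False, record
    if record["scheme"] != "pbkdf2":
        record = new_record(password)  # drop the MD5 layer once the password is seen
    return True, record

def demo():
    salt = os.urandom(8)  # constructed sample record, not real data
    legacy = {"scheme": "md5", "salt": salt, "hash": legacy_md5("constructed-pass", salt)}
    wrapped = wrap_legacy(legacy)
    ok, upgraded = verify("constructed-pass", wrapped)
    bad, unchanged = verify("wrong-pass", wrapped)
    return wrapped["scheme"], ok, upgraded["scheme"], bad, unchanged["scheme"]

if __name__ == "__main__":
    print(demo())
```

Wrapping protects the stored database going forward; hashes that have already leaked stay exposed, which is why the password reset advised above still applies.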

In summary, the breach has significant implications for the security and privacy of Cutout.Pro users, necessitating immediate action to safeguard their accounts and prevent potential exploitation of the leaked data.