Agency Based Discussion > 123RF

Security breach - change your password

(1/5) > >>


--- Quote ---Dear 123RF member,

I am writing to you that an alleged data breach involving some of our membersí account information may have recently occurred on

We learned about the suspected data breach on November 10, 2020 and upon extensive internal inquiries we believe that your username, email, password (in encrypted form) and other account related details may have been compromised at this point of time.

Please be rest assured, we can confirm that the alleged data breach does not include any credit card, Paypal, Skrill, Ideal or any other bank details as we do not store such information.

However, in line with good security practices and to ensure the highest level of protection to your account, we advise you to change your password. You can set a new password by clicking here or when you next try to log into your account at 123RF an email will be sent to you to start the process.

Please be assured that 123RF is now secure as we have incorporated additional security measures such as stronger password requirements and last logged in location detection to secure your account better. We also undertake to work with the relevant authorities and organization and will fully cooperate with their investigations as we continue to safeguard your data.

We are deeply sorry for the inconvenience and concern this may have caused you. At 123RF, we are committed to build a creative platform that promotes creativity and entrepreneurship. Over the years, we have been making upgrades and improvements, including the recent added creative tools that allows users to have a seamless creative journey within the site. We will continue to champion this idea and thank you for your support all this time.

Stephanie Sitt
--- End quote ---

"Have I been pawned" website  also sent a notification (I'm a subscriber) with clear information - the email from 123RF is rather wishy-washy.

According to Have I Been Pawned the breach happened in March 2020.

Email found:   xxxxxxxxxxxxx
Breach:   123RF
Date of breach:   22 Mar 2020
Number of accounts:   8,661,578
Compromised data:   Email addresses, IP addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames
Description:   In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by"

Maybe this explain the SPAM I receive since September on the email address I use for 123RF.

I also got the emails from 123 and pwned,
"Please be assured that 123RF is now secure " oh great, NOW its secure, what was it before???!!!!

There seems to be no penalty for these companies allowing hacks to happen, clearly they could have stopped it beforehand, because NOW they have fixed it. Who knows how it happened? could have been a hack, or an internal employee leaking the data, or weak systems.
But its just 'oh were sorry" now weve fixed it. It should be investigated and if found to be a company failure to protect our data, they should be fined.
To be honest, they have gone downhill so much in the last few years, its probably a lack of money. I should really just give up with them.
If this has happened once, then they probably wont be regularly 'on the ball' with system security.

I received the same eMail, but didn't use the link they sent to reset my password - I went directly to the 123 website and clicked reset password from there. It's all very suspicious and it is getting more difficult to just do a regular login.


[0] Message Index

[#] Next page

Go to full version