Pixlr’s photo editor probably isn’t something unheard of to many of our readers. It’s something we often use on our Chromebooks and also something we’ve bragged about a bunch as a simple Photoshop alternative for basic editing in the cloud. As Chromebooks become more popular and as web applications become more useful, many of us look to web-based software for simplicity, portability, price, and features that can add superpowers to our laptops.
Unfortunately, according to Bleeping Computer, Pixlr photo editor was just hacked this weekend and 1.9 million user records were leaked on a forum! Details of this hack included email addresses, login names, SHA-512 hashed passwords, the user’s country, whether they signed up for the newsletter, and more. How did this happen?
Well, a hacker by the name of ShinyHunters, who’s previously been responsible for the Homechef and WattPad breach among others, gained access to Pixlr’s 123rf stock photo site which is owned by Inmagine, the same company as Pixlr. Over 83 million records were stored in the company’s AWS server, and many of the 1.9 million of them were Pixlr users.
Needless to say, we’re extremely disappointed that this happened! Pixlr has an awesome set of tools, and we’ve enjoyed our time with it over the past few years. How can Chromebook users protect themselves in light of this data breach? Well, there are a few ways. First, it’s important to stay informed. If you’re interested in finding out whether or not you’ve been the victim of a data breach, you can use Chrome’s built-in Safety Check feature. Just go to your Chrome Browser, tap the three dots menu at the top right, go to ‘Settings’, and scroll down to ‘Safety Check’. Click the button there and it will begin to perform several tasks on your behalf, including cross-checking your saved passwords against known data breaches! Not only that but once it finds compromised passwords (I have four!), it will allow you to change them immediately.
How to perform a Chrome Safety Check
Chrome browser > Settings > Safety Check
Another great tool for checking if you’ve been a victim of a password leak is Haveibeenpwned.com. Simply plug your email address in and it will spit out all of the data breaches that you’re unfortunately a part of. If you take one look at the bottom of the website, you’ll notice that hacks like Pixlr are not uncommon – in fact, they’re actually quite frequent. Sadly, such is the nature of the internet.
The word “pwned” has origins in video game culture and is a leetspeak derivation of the word “owned”, due to the proximity of the “o” and “p” keys. It’s typically used to imply that someone has been controlled or compromised, for example, “I was pwned in the Adobe data breach”. Read more about how “pwned” went from hacker slang to the internet’s favourite taunt.What does ‘Pwned’ mean?
We recommend that if you use the same password for Pixlr as you do for other websites (including your Google Account), you change it immediately! It’s also a great idea to review and follow Google’s tips for creating a strong password and a more secure account. Chief among these is that you shouldn’t use the same password for everything. As I frequently say, the sooner we get biometric security across everything, the better.
As the Chrome OS Photo editor gets more powerful, it would be awesome to see new features come to it – features that can replace the need for Pixlr and other web applications. Chromebooks also now have powerful Photoshop alternatives in the form of Krita, Inkscape, and Clip Studio Paint. With Clip Studio Paint, you can even use a Wacom graphics tablet with it as of this week – something you simply can’t do with Pixlr or any web-based photo editor! If you do utilize downloadable apps that serve the same purpose as a web application, just know that you may still be required to create an online account that can be hacked!
Do you have an account with Pixlr? Have you been pwned? Click the button below to find out, visit your Google Password Check or follow the Safety Check route as soon as possible. Do you intend to erase your Pixlr account after today’s news? Let’s discuss in the comments, and stay safe out there!