Cutout.pro, a popular AI-based photo and video editing tool, has been found leaking over 9 GB of user data online.
The breach, discovered by Cybernews, contained over 22 million log entries (some of them duplicates), exposing user images, usernames and email addresses of individual and business accounts.
The unsecured server belonging to the visual AI platform also held information on the number of user credits and links to the Amazon S3 buckets that stored any generated user images.
“The Cybernews research team discovered that Cutout.pro, an AI-based visual design platform headquartered in Hong Kong, leaked user-generated content via an open ElasticSearch instance,” the report reads.
“According to the team, Cutout.pro exposed customer usernames and images they created using the company’s tools. Moreover, the instance also had information on the number of user credits, a virtual in-service currency, and links to Amazon S3 buckets, where generated images were stored.”
The publication, which focuses on cybersecurity research, also highlights the privacy risks stemming from exposed user data that could have been accessed by malicious actors. This includes access to sensitive images intended for personal use that may be used to extort victims.
During the investigation of the exposed Elasticsearch instances, researchers also noted misconfigurations that could have allowed anyone to perform CRUD (Create, Read, Update, Delete) operations.
“If Cutout.pro’s developers previously didn’t back up the data, the open instance could have led not only to the temporary denial of service but a permanent data loss that was stored on the open instance. Attackers could have wiped it out,” researchers added.
Users are advised to take proactive measures and change their usernames on the platform.
With Bitdefender Digital Identity Protection you can find out what key pieces of your digital identity have been exposed in data breaches or leaks over the year, and take measures to control, manage and protect your identity.
The service provides real-time notifications that alert you when your data ends up in legal or illegal data collections online. You can also check out expert recommendations to fix and detect privacy issues that threaten your financial wellbeing.
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.