ShellCodeX Breach Report
123RF Data Breach
123rf.com
Verified breach
Passwords exposed
Accounts exposed
8,661,578
Breach date
22 Mar 2020
Added to tracker
15 Nov 2020
Data classes
7
What happened
In March 2020, the stock photo site 123RF suffered a data breach which impacted over 8 million subscribers and was subsequently sold online. The breach included email, IP and physical addresses, names, phone numbers and passwords stored as MD5 hashes. The data was provided to HIBP by dehashed.com.
Exposed data
Email addresses
IP addresses
Names
Passwords
Phone numbers
Physical addresses
Usernames
Recommended actions
- Change your 123RF password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing 123RF โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP