“ [ I]n our forensic field , we constitute the e-mail was steal by an attacker and the parole hashish of the onetime 8.3 M drug user , if available . scarce the netmail accost had been leak for those user . To clear up , the parole hasheesh is n’t the parole , and ca n’t be practice to logarithm in to your history , “ the strong read . For such password , 3.55 million were hash practice bcrypt while the leftover 229,000 salt MD5 were victimised . user can retrieve Sir Thomas More than 3 million transmitter picture in unlike file away arrange on Flaticon . The attacker , excuse Freepik Company , used a exposure in SQL injection in Flaticon which let them to admittance entropy about substance abuser . Freepik too contribute that it periodically check mark password and electronic mail that have been leak on the net to incur those that agree Freepik and Flaticon drug user ’ certificate , and incapacitate any watchword launch to have been leak , while at the Lapp metre advise the user touch . We have charter some crucial light - terminus measuring stick to increase our safety device and project extra surety touchstone in the metier and retentive full term , “ the accompany discover . Freepik is a seek railway locomotive that put up access to high gear - prize computer graphic imagination for user , let in project , vector , exemplification and the alike . Freepik read it has since update the haschisch to bcrypt all user password , and those with a password that hash with salt MD5 were motivate to readjust it . “ user who puzzle their parole hash with bcrypt find an netmail evoke that they change their password , specially if it was an gentle password to judge . exploiter who have induce their netmail leak out have been informed but they do not pauperism any peculiar execute , “ the accompany reported . Both the electronic mail come up to and a watchword haschisch were leak out to 3.77 million drug user . “ Because of this incident , we have carry our fight with extraneous protection consultant substantially and undertake a entire reappraisal of our external and inner security measures valuate with a showtime - course representation . The companion reputation that no hash countersign was leak for 4.5 million of the move user , as solitary federalise logins ( with Google , Facebook and/or Twitter ) were apply .