News Heading - 1

AI-Powered CutOut.Pro Data Breach Exposes PII of 20 Million Users

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Hong Kong-based AI service platform, Cutout.Pro, suffered a massive data breach wherein personal information of nearly 20 million users was compromised.

The February 2024 breach exposed member information, including email and IP addresses, names, profile pictures, account creation and other details, mobile phone numbers, API access keys, and hashed and salted passwords. Thus, triggering security and privacy concerns.

CutOut.Pro’s marketing department however, denied the data breach claims, labeling it as a ‘clear scam,’ reports Hackread . The company claimed to have “never received any emails from users stating that their accounts have been hacked or their information leaked.”

Data breach monitoring and alerting sites like, Hackread.com and Troy Hunt’s Have I Been Pwned ( HIBP ) independently verified the breached data, and their evidence proves the breach legitimacy.

Hackread verified 20 leaked email addresses by attempting to register on CutOut.Pro website, and it found accounts registered and in use for the said email addresses.

HIBP has also added the breach on its platform, confirming exposure of 19,972,829 user accounts.

Despite the company’s denial, both past and present CutOut.Pro users are advised to reset their passwords both on the platform and other websites where similar credentials have been used.

Furthermore, users should watch out for any suspicious activity linked to the online accounts and beware of targeted phishing attempts.

This is not the first time that CutOut.Pro users have had their data compromised. In early 2023 , researchers at Cybernews discovered that the company’s open Elasticsearch servers leaked 9 GB worth of user data.

Founded in 2018, CutOut.Pro is an AI-powered platform that refines photos and video content.

News Heading - 2

Pharma Giant Cencora Confirms Data Breach During Cyberattack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Global healthcare solution provider Cencora disclosed a cybersecurity incident where unknown threat actors stole from its corporate IT systems.

The breach, which was discovered on February 21, 2023, is believed to contain some personal information. However, the company has not yet disclosed any details regarding the exfiltrated data.

In its SEC filing , the company said that it had immediately implemented remediation measures to contain the incident. “Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel,” the filing revealed.

In the filing, Cencora further went on to say that the incident has not yet had any material impact on its operations, and its internal network systems continue to operate as normal.

“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Cencora said.

Formerly AmerisourceBergen, Cencora an American pharmaceutical services company specializes in providing pharma solutions to healthcare organizations, animal care, and pharmacies, worldwide. With more than 46,000 employees, in fiscal year 2023, the company earned $262.2 billion in revenue.

In recent times, healthcare organizations have been quite susceptible to cyberattacks, due to the significant usage of IoT solutions.

In mid-December 2023, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA,) and the US Department of Health and Human Services (HHS), disclosed in a joint advisory that 70 leaked victims of ALPHV were affected from the healthcare industry.

Although the call is believed to be in response to the operational action against the group and its infrastructure by US law enforcement authorities, in early December 2023, ALPHV is steadfast in its onslaught against healthcare organizations.

On February 21, 2024, the group claimed to be behind the cyberattack against Change Healthcare. The incident which severely affected the healthcare services, across the US.