Cutout.Pro 2024 Data Breach
ObscureIQ Breach Intelligence
Low SeverityWebsite / service breach
Cutout.Pro AI Image Editing Platform Breach (2024): 40 Million User Accounts Including Passwords Exposed
AI-powered image editing platform.
Verified by ObscureIQ Intelligence
23/100Breach Risk Index
5Data Value
25Market Recency
458dSince Breach
Breach Intelligence Summary
Entity: Cutout.Pro · Actor: Unknown · Sources: 11 references
Attack: Misconfiguration
Profile: Platform · AI-powered visual design and image editing services · AI visual design platform · Global
Timeline: Breach (2024-02-26) · Indexed (Jan 24, 2025) · Year (2024)
Exposure: 40.4M records · 4 fields: Email Address, Full Name, IP Address, Password
Status: Confirmed
Executive Summary
Cutout.Pro, an AI-powered image and video editing platform serving tens of millions of users globally, suffered a data breach in February 2024 after a misconfiguration exposed its internal database. A hacker obtained and leaked a 5.93 GB database directly on a public hacking forum and distributed it through Telegram channels. The exposed database contained over 41 million records tied to an estimated 20 million user accounts. The breach exposed names, email addresses, IP addresses, and hashed passwords. The passwords were protected with salted MD5 hashing, a relatively weak standard that determined attackers can crack with modern tools. For affected users, this combination of data creates real risk: exposed credentials can be tested against other accounts the person uses, and their email address and IP address can be used to craft convincing phishing attempts or identify their approximate location. Cutout.Pro did not make prominent public statements about the breach, and no formal notification to affected users has been widely documented. No regulatory action or class-action litigation specific to this incident has been reported. Users of the platform should treat their Cutout.Pro password as compromised, change it immediately, and update any other accounts where the same password was used. Because the platform handles personal photos and business design assets, affected users should also consider what images they may have uploaded and processed through the service.
ObscureIQ assessment: Exposure enables phishing, account abuse, and leakage of uploaded images or design projects. Image-processing platforms can also reveal personal photos or business assets.
Breach Impact
In February 2024 a hacker leaked a 5.93GB database from Cutout.Pro containing over 41 million records including names, email addresses, IP addresses, and hashed passwords. The data was published publicly. Cutout.Pro did not make prominent public statements about the breach at the time of exposure, and no formal notification to affected users has been widely documented. No class-action litigation or regulatory action specific to this incident has been prominently reported.
About Cutout.Pro
Cutout.Pro is an AI-powered image and video editing platform offering background removal, photo enhancement, portrait retouching, and creative generation tools. The service operates on a credit-based freemium model and has attracted tens of millions of registered users globally, primarily serving content creators, designers, and small businesses who use the tools for social media and marketing assets.
Why They Hold Your Data
AI visual-design platforms collect user accounts, uploaded images, project metadata, billing records, and usage activity tied to editing and generative design workflows.
Recent Developments
Cutout.Pro continues to operate as an AI image processing platform. The market for AI-powered creative tools has become highly competitive. No major organizational changes have been prominently reported in public sources.
Data Points Exposed
4 verified field types
Email Address
Full Name High
IP Address
Password Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- Geolocation & account flagging
- Credential stuffing & account takeover
Recommended Actions
If you believe your information may be included:
Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Cutout.Pro breach?▾
Cutout.Pro, an AI-powered image and video editing platform serving tens of millions of users globally, suffered a data breach in February 2024 after a misconfiguration exposed its internal database. A hacker obtained and leaked a 5.93 GB database directly on a public hacking forum and distributed…
What data was exposed?▾
Verified fields include Email Address, Full Name, IP Address, Password.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
Cross-source
9ghz
Cross-source
BreachDirectory
Cross-source
BreachForums_Official_Index
Cross-source
Dehashed
Cross-source
Hashmob
Cross-source
Leak-Lookup
Cross-source
LeakCheck.io
Cross-source
Leaked.Domains (+1)
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation