User data exposed in 500px security breach... that happened in the middle of last year
The photo sharing site 500px has revealed details of a security breach that took place in mid-2018.
The company says that its engineering team only became aware of the breach -- which is thought to have taken place around July 5, 2018 -- a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that "an unauthorized party gained access to our systems and acquired partial user data".
- VFEmail hack wipes out all of the email provider's US servers
- Marriott hack update: attackers accessed fewer user records than first thought, but 5.3 million passport numbers were unencrypted
- Marriott's Starwood Hotel database hacked, putting 500 million customers at risk
As a precaution, 500px is requiring all users to reset their account passwords, although the company says that there has been no recurrence of the incident, and it is playing down the significance of the data that was accessed. Anyone who was a 500px user on or before July 5th, 2018 is affected by the incident.
Notifications are being sent out to users, but the company has also published a post on its site.
500px says that the following data was accessed in the attack:
- Your first and last name as entered on 500px
- Your 500px username
- The email address associated with your 500px login
- A hash of your password, which was hashed using a one-way cryptographic algorithm
- Your birth date, if provided
- Your city, state/province, country, if provided
- Your gender, if provided
The post goes on to say:
Regardless of whether or not you were directly affected, given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue. We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account.
It does not appear that users' accounts were accessed, nor credit card information. At the moment there is no word on who may have been responsible for the attack, but 500px says that it has taken, and continues to take, measures to prevent a repeat of the incident occurring.