[BreachExchange] 500px reveals almost 15 million users are caught up in security breach
Destry Winant
destry at riskbasedsecurity.com
Thu Feb 14 09:07:35 EST 2019
https://www.digitaltrends.com/computing/500px-almost-15-million-users-caught-up-in-security-breach/
Online photography community 500px told its members on Tuesday,
February 12, that their data may have been stolen in a security breach
and warned them to change their password.
In a statement, the portfolio website for photographers said an
unauthorized party gained access to its systems on or around July 5,
2018. However, the breach was only discovered by its engineers on
February 8, 2019.
It said that around 14.8 million users may be affected. In other
words, its entire user base at the time the breach took place.
Toronto-based 500px began contacting its members by email at around 8
p.m. ET on Tuesday. As a precautionary measure, it’s requiring all
users to change their 500px account passwords, and to also change them
for any other online accounts where the password is the same.
Emails with instructions for the password reset are going out now to
all users, prioritized in order of potential risk. If you’re worried
about clicking on a link in an email asking you to reset your
password, simply open a new browser window and navigate to 500px.com,
where you’ll be able to initiate the process yourself.
According to the company’s initial findings, the nabbed data may include:
Your first and last name as entered on 500px
Your 500px username
The email address associated with your 500px login
A hash of your password, which was hashed using a one-way
cryptographic algorithm
Your birth date, if provided
Your city, state/province, country, if provided
Your gender, if provided
500px said that at this time, it’s found no evidence of unauthorized
access to user accounts. Nor is there any evidence of other data such
as credit card information — which is kept on separate servers —
having been affected.
After learning of the hack, the company said it “immediately launched
a comprehensive review of our systems to understand the nature and
scope of the issue,” adding that it had called in a third-party expert
to assist it in its investigation, with law enforcement also involved.
Asked why it took four days to notify its community of the hack, a
500px spokesperson told Digital Trends: “It was important that we were
able to provide our users with accurate information before confirming
the details of the breach.”
The company said that given the seriousness of the issue, its main
priority was to secure its systems and user data from further
breaches, and to collect and confirm all available information before
contacting the 500px community. Those seeking more information should
visit the 500px webpage dedicated to the issue.
More information about the BreachExchange
mailing list