Online photography network 500px has forced a password reset for all users after revealing this week that it suffered a data breach last summer.
The site claimed that the incident, which it believes occurred on around July 5 2018, was not discovered until last week, when its engineering team “became aware of a potential security issue affecting certain user profile data.”
The firm said all users on or prior to July 5 have been affected. The site currently claims to have over 15 million photographers signed up.
“We’ve concluded this issue affected certain information that users provided when filling out their user profiles ... Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue,” an FAQ about the incident revealed.
“A system-wide password reset is currently underway for all users, prioritized in order of potential risk, and we have already forced a reset of all MD5-encrypted passwords.”
The stolen data includes: users’ names, email addresses, usernames, hashed passwords and birth date, gender and city/state/country if provided.
The photo network claimed that there’s no evidence to suggest hackers managed to compromise individual accounts, and said that payment card details aren’t stored on its servers. However, it did warn of possible follow-on attacks.
“Regardless of whether or not you were directly affected, given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue,” it said.
“We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account.”
Some reports suggest 500px user data is already up for sale on the dark web.