It took over six months for the company to detect and report the incident
The 500px photography hosting platform has publicly disclosed that it suffered a data breach in the middle of last year. According to network security and ethical hacking specialists from the International Institute of Cyber Security, the company forced a password reset for all its users as a security measure.
The incident would have occurred at the beginning of July 2018 but was discovered just a few days ago when 500px network security teams detected what they described as “a possible security incident that impacts the profile data of our platform users”.
500px noted that this data breach affects all registered users on the platform before July 2018, when the incident occurred. Currently, the site has around 15 million users registered.
“Several users’ personal details have been compromised”, mentioned the 500px statement. “Our IT teams have implemented a surveillance protocol on our platform to prevent any additional issues. In addition, 500px is re-establishing all users’ passwords”.
According to network security specialists, among the compromised information we can find:
- Users’ full names
- Email addresses
- Usernames for the platform
- Date of birth, gender and city of residence
- Access credentials
The photographer network says that until now there is no evidence to confirm that some hacker has compromised an individual account, also emphasize that the data related to payment cards of users are not stored on their servers, so it are exempt from this data theft.
“Although not all of our users have been affected, we decided to implement security measures for all of them because of the nature of the information involved. Users have already been advised to protect themselves against potential phishing attacks, spam, and other cyberattack variants”, the company says.
“As an additional security measure, we recommend that users change their passwords on any other platform where they use the same 500px access keys”, adds the platform statement. Using the same access key for more than one online platform exposes users to possible credential stuffing attacks.
Some reports suggest that the information extracted from 500px is available on some dark web forums, so it was vital that the platform implement the necessary security measures as soon as possible.