500px has Confirmed Users Data Breached, company recommend users to reset their passwords.
If you were a 500px users from 5th July 2018, then you have been affected. There are 15 million photographers from 195 countries to discover and share incredible photos.
According to the 500px post, the data breach exposed user’s first and last names, usernames, email addresses, a hash of their passwords and birth-dates.
What happened?
“On February 8, 2019, 500px engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of the company website systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in their investigation and are coordinating with law enforcement authorities on this matter.”
“Based on the investigation to date, company believe that an unauthorized party gained access to our systems and acquired partial user data on approximately July 5, 2018. We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.”
“As a precaution, we are requiring all users to reset their 500px account passwords. A notification email will provide instructions to affected data subjects on how to reset their passwords.”
“A system-wide password reset is currently underway for all users, prioritized in order of potential risk, and we have already forced a reset of all MD5-encrypted passwords.”
What type of user data was affected?
- Your first and last name as entered on 500px
- Your 500px username
- The email address associated with your 500px login
- A hash of your password, which was hashed using a one-way cryptographic algorithm
- Your birth date, if provided
- Your city, state/province, country, if provided
- Your gender, if provided
How do you know if you were affected?
If you were a 500px user on or prior to July 5, 2018, you have been affected.
We are in the process of notifying all users via email as well as onsite and with mobile notifications, however, given the volume of users affected, there may be delays in the notifications you receive.
Regardless of whether or not you were directly affected, given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue. We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account.
What data wasn’t taken?
At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information.
Company done to fix this?
1) The security of 500px website system
2) company said, that our users’ data is secured from further breaches and unauthorized access of the accounts first and foremost, followed by communication to our users, followed by public communications.
- We have vetted access to our servers, databases, and other sensitive data-storage services.
- We have and are continuing to monitor our source code, both public-facing and internal, to protect against security issues.
- We are partnering with leading experts in cyber security to further secure our website, mobile apps, internal systems, and security processes.
- We are modifying our internal software development process.
- We are continuing to upgrade our network infrastructure.
