It took over six months for the company to detect and report the incident
The 500px
photography hosting platform has publicly disclosed that it suffered a data
breach in the middle of last year. According to network
security and ethical hacking specialists from the International
Institute of Cyber Security, the company forced a password reset for all its
users as a security measure.
The incident would have occurred at the
beginning of July 2018 but was discovered just a few days ago when 500px
network security teams detected what they described as “a possible security
incident that impacts the profile data of our platform users”.
500px noted that this data breach affects all
registered users on the platform before July 2018, when the incident occurred. Currently,
the site has around 15 million users registered.
“Several users’ personal details have been
compromised”, mentioned the 500px statement. “Our IT teams have implemented a
surveillance protocol on our platform to prevent any additional issues. In
addition, 500px is re-establishing all users’ passwords”.
According to network security specialists,
among the compromised information we can find:
- Users’
full names - Email
addresses - Usernames
for the platform - Date
of birth, gender and city of residence - Access
credentials
The photographer network says that until now
there is no evidence to confirm that some hacker has compromised an individual
account, also emphasize that the data related to payment cards of users are not
stored on their servers, so it are exempt from this data theft.
“Although not all of our users have been
affected, we decided to implement security measures for all of them because of
the nature of the information involved. Users have already been advised to
protect themselves against potential phishing attacks, spam, and other
cyberattack variants”, the company says.
“As an additional security measure, we
recommend that users change their passwords on any other platform where they
use the same 500px access keys”, adds the platform statement. Using the same
access key for more than one online platform exposes users to possible credential
stuffing attacks.
Some reports suggest that the information
extracted from 500px is available on some dark web forums, so it was vital that
the platform implement the necessary security measures as soon as possible.
