US Photography website admits data breach

Photography website, 500px has disclosed that the firm underwent a data breach last year that led to the exposure of ‘partial data’ belonging to each of the site’s 15 million users.

The breach was first discovered by IT workers at 500px on 8th February of this year, but it is believed that hackers obtained unauthorised access to the company’s data back on 5th July 2018, the Inquirer reports.

In a blog post issued by the firm, 500px explained:

“On February 8, 2019, our engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of our systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in our investigation and are coordinating with law enforcement authorities on this matter.

“Based on our investigation to date, we believe that an unauthorised party gained access to our systems and acquired partial user data on approximately July 5, 2018. We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.

User potentially affected by the intrusion includes: first and last name as entered on 500px; 500px usernames; associated email addresses; a hash of the login password; dates of birth; city, state/province and country of residence, and gender. It is currently understood that no payment data or was compromised.

“At this time, there is no indication of unauthorised access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information,” 500px said.

Around 14.8m Individuals who used the site on or leading up to 5th July 2018 are believed to have been affected, which essentially translates as all of the 500px user-base.

The company has asked all users to reset their passwords and is reminded account holders that they can have all their data sent to them within 72 hours of a request email being sent to help@500px.

“Going forward, we will continue to enhance our security measures to help keep your data safe and we are implementing additional measures to help prevent this type of incident from reoccurring.

“We are continuing to upgrade our network infrastructure. Over the last 12 months, we have undertaken a major upgrade to our network infrastructure—this project is nearing completion, and will also offer a significant increase in security,” the firm added.

 


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.