14.8M 500px users’ data leaked in ’18
Breach includes usernames, first and last names, email address
Following a breach, 500px on Wednesday told its users they will need to reset their passwords.
An attacker was able to take “partial user data” from July 5 last year.
The portfolio website for photographers in a blog post said the data types hit include usernames, first and last names, email address, password hash, date of birth, address information, and gender.
“If you were a 500px user on or prior to July 5, 2018, you have been affected,” the company said.
It said that around 14.8 million users may be affected; in other words, its entire user base at the time the breach took place.
“We’ve concluded this issue affected certain information that users provided when filling out their user profiles.”
Toronto-based 500px began contacting its members by email at around 8 pm ET on Tuesday. As a precautionary measure, it’s requiring all users to change their 500px account password, and to also change it for any other online accounts
AS A precautionary measure, it’s requiring all users to change their 500px account password, and to also change it for any other online accounts where the password is the same.
THE COMPANY said in a blog post that it is still investigating the cause of the incident.
where the password is the same.
“We have alerted law enforcement, in addition to retaining a security firm to assist us in the investigation and next steps,” it said.
At the same time that 500px had alerted its users of the incident, folks on social media were claiming programming education site DataCamp was
also breached, with email, name, bcrypt-hashed password, and potentially location, biography, education, and picture among the data exposed.
“On Monday, February 11, 2019, we discovered some user data was exposed as a result of criminal unauthorised access to one of our systems by a malicious third party,” DataCamp confirmed after publication to ZDNet.
“We are sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take appropriate steps to prevent such incidents in the future.”
The company said in a blog post that it is still investigating the cause of the incident.
Meanwhile, The Register has reported both 500px and DataCamp data is available for purchase on the dark web, along with a menagerie of data from other sites.
Among that data, The Register reported, is data from the 92.2 million account MyHeritage breach, and well as data from a MyFitnessPal breach that hit 150 million accounts.