14.8 Million Accounts Compromised in 500px Breach

The photo-sharing site 500px has attracted millions of users by focusing on photographers, allowing them to display and even sell their work online. However, the site’s dedicated user base got a nasty surprise today. 500px reports that someone hacked its servers last summer, making off with user data from millions of accounts.

The first question you have to ask in a situation like this is, “Why are we only hearing about this now?” After all, 500px admits the breach happened in July of 2018. You can chalk this one up to ignorance rather than maliciousness. The site says that it didn’t know about the hack until February 8th.

When the 500px engineering team discovered evidence of the hack, the company brought in third-party experts and contacted law enforcement. What it’s discovered so far is that the hack affected almost every account on 500px. If you make an account before July 5th, someone out there has your data. That works out to 14.8 million accounts.

Luckily, 500px has learned from past security breaches on other websites, and the most sensitive data in user accounts is encrypted. While the attackers did get copies of passwords, they were hashed using a one-way cryptographic algorithm. Those should be useless to anyone, but the breach did reveal some important information. That includes the user’s first and last name, 500px username, email address, birthdate (if provided), general geographic location (if provided), and gender (if provided). The breach didn’t include account data like photos or payment information (which isn’t stored on the 500px servers).

500px is in the process of notifying all affected users, and it’s resetting passwords just to be safe. The site says it has made changes to its development and network infrastructure to prevent another attack of this kind, but it did not offer many details on how the hacker gained access.

It will take time to email all 14.8 million users, but you can reset your password immediately if you want to get back up and running. Alternatively, you can stop using 500px. The site provides information about how to go about deleting your account. It’s worth noting, of course, that won’t do anything about the data that was already stolen.

Now read:

  • Rogue Developer Uses Popular Open Source Project to Steal Bitcoins
  • This Tool Can Hack Your Accounts Even with Two-Factor Authentication
  • Bugs in the Bug: 100 million cars, especially VW, may be at risk for unlock hacks