500px is a Canada-based online photography community. Founded by Oleg Gutsol and Evgeny Tchebotarev in 2009, the service has about 15 million users.
On February 12th, the company said that its data may have been stolen in a security breach.
In a statement, the portfolio website for photographers said that an unauthorized party gained access to its systems on or around July 5th, 2018. Having discovered about the breach on February 8, 2019, it said that around 14.8 million users may be affected.
In other words, all of its user base may have their sensitive information leaked.
The company started emailing its users, notifying them about this incident, prioritized in order of potential risk.
And as a precaution, it is urging all of its users to change their 500px account passwords. And if the 500px passwords have been used on other online services, the company also urged users to change them as well.
"We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account," said 500px.
According to the company’s initial findings, the breached data may include:
- Users' registered first and last name.
- Users' 500px username.
- The email address associated with users' 500px login.
- Users' password, hashed using a one-way cryptographic algorithm.
- Users' birth date, if provided.
- Users city, state/province, country, if provided.
- Users gender, if provided.
Also in its initial findings, 500px said that it found no evidence of unauthorized access to users' accounts. The company also didn't find any evidence of users' data, such as credit card information, which are kept on separate servers, having been affected.
"At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information," said 500px.
To prevent future similar incident, the company said that it "immediately launched a comprehensive review of our systems to understand the nature and scope of the issue,” adding that the company is also working with third-party and the law enforcement to assist it in its investigation.
It took the company a few days before unveiling this fact to the public, that according to the spokesperson, so it can "provide our users with accurate information before confirming the details of the breach."
500px's main priority was to first secure its systems and user data from further breaches, and to collect and confirm all available information before contacting its community.
“We take the security of your information extremely seriously, and we sincerely apologize with regret that this issue occurred,” said 500px. “Going forward, we will continue to enhance our security measures to help keep your data safe, as well as implement additional measures to help prevent this type of incident from reoccurring.”