Photosharing Site 500px Suffers Major Security Breach
500px is a photo sharing website that shares a similar layout to Instagram but is a paid format. The site has three different membership options, a creator studio and more offering slightly more than competitor Instagram. However, they suffered a security breach of 14.8 million users. The leak happened on July 5, 2018, and included usernames, passwords, personally identifiable information like names. 500px discovered the security breach and leak on Feb. 8, 2019. Fortunately, users who joined the website after Jul. 5, 2018 were not impacted by the breach.
The information collected in the data breach includes:
• User’s first and last name as entered on the website.
• Users 500px username.
• Email Address.
• Hash of the user’s password.
• User birthdate, if provided.
• User location, including city, state, and country.
• User’s gender.
In their official release about the data breach, 500px did not state if financial information was taken. In a response to the breach, they reset all user login credentials. Additionally, 500px will notify all 14.8 million users impacted by the security breach by email.
Why Do Hackers Want This Information?
Hackers can use the database of customer information to credential stuff other accounts. This is why it is important for you to change the password of any accounts that share the same credentials as a breached website’s account. When your information is available on the dark web, malicious third parties can make bids for it. They’ll then go through a variety of websites, including bank accounts and more trying out different email addresses and passwords.
You can prevent credential stuffing of your accounts with a few steps. The first step is to use a password manager, the second is to make sure all of your accounts have two-factor authentication. If you are using a website that you add payment information to, use a credit card or, better, use a service like PayPal.
Data breaches can happen to almost anyone. It’s never a matter of if, but a matter of when. When a company does not update their systems, run constant security checks, or invest in user data management, they play a game of Russian Roulette. Fortunately, SecureData can help with data breaches. We can deploy anywhere in the world within 24 hours to fix the issue. Call us today for a free phone consultation at 1-800-288-1407.