500px told its members on Tuesday that their data may have been stolen in a security breach and warned them to change their passwords.
In a statement, the portfolio website for photographers said an unauthorized party gained access to its systems on or around July 5, 2018. However, the breach was only discovered by its engineers on February 8, 2019.
It said that around 14.8 million users may be affected, which was its entire user base at the time the breach took place.
Toronto-based 500px began contacting its members by email at around 8 p.m. ET on Tuesday. As a precautionary measure, it’s requiring all users to change their 500px account password, and to also change it for any other online accounts where the password is the same.
Emails with instructions for the password reset are going out now to all users, prioritized in order of potential risk. If you’re worried about clicking on a link in an email asking you to reset your password, simply open a new browser window and navigate to 500px.com, whereupon you’ll be able to initiate the process yourself.
According to the company’s initial findings, the nabbed data may include:
– Your first and last name as entered on 500px
– Your 500px username
– The email address associated with your 500px login
– A hash of your password, which was hashed using a one-way cryptographic algorithm
– Your birth date, if provided
– Your city, state/province, country, if provided
– Your gender, if provided
500px said that at this time, it’s found no evidence of unauthorized access to user accounts. Nor is there any evidence of other data such as credit card information — which is kept on separate servers — having been affected.
After learning of the hack, the company said it “immediately launched a comprehensive review of our systems to understand the nature and scope of the issue,” adding that it had called in a third-party expert to assist it in its investigation, with law enforcement also involved.
Asked why it took four days to notify its community of the hack, a 500px spokesperson told Digital Trends: “It was important that we were able to provide our users with accurate information before confirming the details of the breach.”
The company said that given the seriousness of the issue, its main priority was to secure its systems and user data from further breaches, and to collect and confirm all available information before contacting the 500px community. Those seeking more information should visit the 500px webpage dedicated to the issue.