DIY Photography

Your one stop shop for everything photo-video

  • News
  • Inspiration
  • Reviews
  • Tutorials
  • DIY
  • Gear
Search

Submit A Story

500px demands users reset their passwords after data breach

Feb 13, 2019 by John Aldred 2 Comments

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

This morning, I received an email from 500px requiring that I change my password after they became aware of a “security issue” on the site on Friday 8th February. This might sound like 500px is jumping on the issue quickly, however, the breach actually happened way back on July 5th, 2018.

After detecting the breach, 500px says that they “immediately launched a comprehensive review of our systems” to figure out exactly what happened and what the impact was. They say that have been working with third-party security experts and are coordinating with law enforcement authorities.

The email explains what happened…

What happened?

On February 8, 2019, our engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of our systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in our investigation and are coordinating with law enforcement authorities on this matter.

Based on our investigation to date, we believe that an unauthorized party gained access to our systems and acquired partial user data on approximately July 5, 2018. We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.

What personal data may have been affected?

  • Your first and last name as entered on 500px
  • Your 500px username
  • The email address associated with your 500px login
  • A hash of your password, which is hashed using a one-way cryptographic algorithm
  • Your city, state/province, country, if provided
  • Your birth date, if provided
  • Your gender, if provided

At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information.

While the email said that there is no indication that there was unauthorised access to my account, it does say that users with passwords that haven’t been changed since October 2012 may be “reverse-engineered”, giving somebody access to your account, hence the forced password change. Presumably by “reverse-engineered” it’s some form of basic one-way encryption like MD5 hashing, and they’re talking about a brute force attack to figure out what those older passwords are.

Given the nature of the personal data involved, we are alerting you to this matter so you can take steps to help protect yourself against the risk of phishing, spam, and other misuse of your information as a result of this issue.

In addition, if you have not changed your password on 500px since October 2012, there is a risk that your hashed password could be reverse-engineered to allow an unauthorized party to compromise your 500px account. The sections below provide information on the steps taken to protect your account, as well as further instructions for you.

500px says that in response, they have already reset passwords, requiring users to create another to gain access to their accounts. They say that they have also “vetted access” to their servers, databases and sensitive data-storage services, and that they are monitoring both the public and internal source code to keep an eye out for further exploits with the assistance of cybersecurity experts to beef up the security of their website, mobile apps, and internal systems. They don’t say whether this was a public attack against 500px from across the web or an attack from within, through associations with other services.

As usual, the recommendation is to change your password on any other website where you might have used the same password as that used on 500px. There is a FAQ, where you can find out more on the 500px website. 500px is based in Canada and owned by Visual China Group.

FIND THIS INTERESTING? SHARE IT WITH YOUR FRIENDS!

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Related posts:

Millions of private photographs leaked in Ricoh Theta360 data breach Adobe data breach exposed almost 7.5 million Creative Cloud accounts to the public Twitter urges all users to change their passwords after major security bug A major Instagram security bug leaked users passwords as plain text

Filed Under: news Tagged With: 500px, data breach, security

John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

« If you have a giant phone and shoot on location, you need the Cosyspeed Phoneslinger
“Upskirting” in the UK can now get you up to 2 years in prison »

Submit A Story

Get our FREE Lighting Book

DIYP lighting book cover

* download requires newsletter signup
DIYPhotography

Recent Comments

Free Resources

Advanced lighting book

Recent Posts

  • Here’s a bullet time video booth you can build yourself
  • Ricoh has discontinued the HD PENTAX-DA 21mm F3.2AL Limited silver lens
  • This “stellar flower” unravels the twilight’s evolution in 360 degrees
  • Strobes vs Continuous LEDs – Which is right for you?
  • Wave goodbye to Apple’s My Photo Stream next month

Udi Tirosh: from diyphotography.netUdi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Alex Baker: from diyphotography.netAlex Baker is a portrait and lifestyle driven photographer based in Valencia, Spain. She works on a range of projects from commercial to fine art and has had work featured in publications such as The Daily Mail, Conde Nast Traveller and El Mundo, and has exhibited work across Europe

David Williams: from diyphotography.netDave Williams is an accomplished travel photographer, writer, and best-selling author from the UK. He is also a photography educator and published Aurora expert. Dave has traveled extensively in recent years, capturing stunning images from around the world in a modified van. His work has been featured in various publications and he has worked with notable brands such as Skoda, EE, Boeing, Huawei, Microsoft, BMW, Conde Nast, Electronic Arts, Discovery, BBC, The Guardian, ESPN, NBC, and many others.

John Aldred: from diyphotography.netJohn Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Dunja Djudjic: from diyphotography.netDunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Copyright © DIYPhotography 2006 - 2023 | About | Contact | Advertise | Write for DIYP | Full Disclosure | Privacy Policy