Last month, Facebook and Instagram were hit by a major bug that exposed users’ passwords as plain text. Facebook has now confirmed that even more users were affected than it was initially estimated: and they are counted in millions.
Last night, I received an email from EyeEm about a “data security incident.” 22 million accounts have been compromised, exposing the users’ names, email addresses, and encrypted versions of passwords. However, EyeEm wasn’t the only victim of this data breach. It’s the same one that hit 500px, and it also affected 25 million users of Animoto.
If you own a Flickr account you should probably change your password the minute you read this post. Yahoo says that the data breach occurred in late 2014 and “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers“.
This does not mean that your Flickr password was necessarily stolen (and if it was, it is not that easy to un-hash hashed passwords), but you should probably change your password just to be safe. Especially if this user/password combo is used for more than Flickr.
You can read more about this breach on Yahoo’s FAQ.
P.S. in case you are looking for an alternative, here are some self hosted options for you.
If you’ve downloaded InstaAgent, an iOS and Android app designed to let you see who’s viewed your Instagram profile, you might want to delete it from your smartphone. According to a new report, the app – whose full name is ‘Who Viewed Your Profile – InstaAgent’ – is not only storing usernames and passwords in plaintext and sending them to a remote server, but also using those very credentials to log in and post unwanted images to users’ profiles.
InstaAgent has since been removed from both the Google Play Store and iOS App Store, but so long as it’s on your phone, it can still send your information.[Read More…]