Photo-sharing website 500px says that the personal information of 14.8 million of its users was impacted by a security breach that occurred in July 2018. The site says that it is in the process of notifying all of its users and resetting their login credentials.
The notification (via PetaPixel) outlines that the company’s engineering team discovered a “potential security issue” on February 8th, and when they dug a bit deeper, they discovered that someone had breached their systems around July 5th, 2018. That unknown party “acquired partial user data” that users entered into the platform: first and last names, usernames, email address, and a hashed version of their password as well as a user’s birthdate, gender, and location if they entered that information. The company also says that “there is no indication of unauthorized access” to user accounts, adding that information like credit card numbers wasn’t stored on company servers, and, as a result, it wasn’t accessed.
500px says that it’s since secured the vulnerability, and only members of the site before July 5th, 2018 were affected. The company is in the process of sending out notifications to all of its affected users, urging them to reset their password. The company also notes that it’s alerted the police and has retained a private security firm to investigate the issue. It was coming to the end of a year-long process to upgrade its network infrastructure, which should help with security going forward.