Cyber Incident Victim: 500px

The 500px photography network confirmed a data breach on February 12, 2019, impacting users who had accounts on or prior to July 5, 2018. The company stated it became aware of the incident on February 8, 2019, and determined unauthorized access had compromised partial user profile information. Affected data categories included usernames, first and last names, email addresses, password hashes (with some using MD5), dates of birth, physical addresses, and gender information. 500px explicitly stated there was no evidence that payment data or financial information was accessed during the breach. The company initiated password resets for all affected accounts, prioritizing those secured with MD5 hashing due to its known vulnerabilities. Law enforcement agencies were notified, and a third-party security firm was engaged to assist with the investigation and remediation efforts.

The breach disclosure coincided with reports of another security incident involving programming education platform DataCamp, which also experienced unauthorized access exposing user email addresses, names, bcrypt-hashed passwords, and potentially profile details like biographies and locations. Media reports indicated that datasets from both 500px and DataCamp appeared for sale on dark web markets alongside data from other major breaches, including the MyHeritage and MyFitnessPal incidents. 500px attributed the breach to compromised user profile information provided voluntarily during account setup or profile customization. The company did not disclose the exact number of affected users, the method of intrusion, or whether the attackers exploited specific technical vulnerabilities. No further details about the investigation's findings or long-term corrective measures were provided in the initial disclosure.