Data breach confirmed by 500px with ‘partial user data’ hit

Users of the photography site 500px will need to reset their passwords, following a breach where an attacker was able to take “partial user data” from July 5 last year.

According to a blog post by the company, the data types hit include usernames, first and last names, email address, password hash, date of birth, address information, and gender.

“If you were a 500px user on or prior to July 5, 2018, you have been affected,” the company said.

“We’ve concluded this issue affected certain information that users provided when filling out their user profiles.”

500px said it learned of the issue on February 8, and added there is no evidence that payment data has been accessed.

“We have alerted law enforcement, in addition to retaining a security firm to assist us in the investigation and next steps,” it said.

At the same time that 500px was alerting its users of the incident, folks on social media were claiming programming education site DataCamp was also breached, with email, name, bcrypt-hashed password, and potentially location, biography, education, and picture among the data exposed.

ZDNet has reached out to DataCamp for confirmation, but The Register has reported both 500px and DataCamp data is available for purchase on the dark web, along with a menagerie of data from other sites.

Among that data, The Register reported, is data from the 92.2 million account MyHeritage breach, and well as data from a MyFitnessPal breach that hit 150 million accounts.

Related Coverage