Data breach confirmed by 500px with 'partial user data' hit

The photography network has reset all passwords, starting with ones hashed with MD5.
Written by Chris Duckett, Contributor

Users of the photography site 500px will need to reset their passwords, following a breach where an attacker was able to take "partial user data" from July 5 last year.

According to a blog post by the company, the data types hit include usernames, first and last names, email address, password hash, date of birth, address information, and gender.

"If you were a 500px user on or prior to July 5, 2018, you have been affected," the company said.

"We've concluded this issue affected certain information that users provided when filling out their user profiles."

500px said it learned of the issue on February 8, and added there is no evidence that payment data has been accessed.

"We have alerted law enforcement, in addition to retaining a security firm to assist us in the investigation and next steps," it said.

At the same time that 500px had alerted its users of the incident, folks on social media were claiming programming education site DataCamp was also breached, with email, name, bcrypt-hashed password, and potentially location, biography, education, and picture among the data exposed.

"On Monday, February 11, 2019, we discovered some user data was exposed as a result of criminal unauthorized access to one of our systems by a malicious third party," DataCamp confirmed after publication to ZDNet.

"We are sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take appropriate steps to prevent such incidents in the future."

The company said in a blog post that it is still investigating the cause of the incident.

Meanwhile, The Register has reported both 500px and DataCamp data is available for purchase on the dark web, along with a menagerie of data from other sites.

Among that data, The Register reported, is data from the 92.2 million account MyHeritage breach, and well as data from a MyFitnessPal breach that hit 150 million accounts.

Updated at 3.12pm AEDT, February 13, 2019: Added DataCamp response.

Related Coverage

Editorial standards