Personal Information of 14.8 Million 500px Users Exposed In Security Breach (theverge.com)
Photo-sharing service 500px has announced that it was the victim of a hack back in July 2018 and that personal data was exposed for all the roughly 14.8 million accounts that existed at the time. PetaPixel reports: In an email sent out to users and an announcement posted to its website, 500px states that it was only on February 8th, 2019, that its team learned of an unauthorized intrusion to its system that occurred on or around July 5th, 2018. The personal data that may have been stolen by the intruder includes first and last names, usernames, email addresses, password hashes (i.e. not plaintext passwords), location (i.e. city, state, country), birth date, and gender. The company has reset all 500px account passwords, so to get back into your account you'll need to pick a new one using the recovery email system. "At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information," 500px says. "We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account," 500px says.
Comment removed (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
GDPR makes the fine up to 4% of global turnover, which seems like a good way of scaling it to the size of the company. The money should go to the victims, although due to it being difficult to identify them that probably means it would be spent on providing everyone with stuff like identity fraud protection.
Re: (Score:3)
The best to give this money to is the NSA.
500px is a Canadian company.
Why should they pay an intelligence service of a foreign power?
Maybe give the cash to Chinese or Russians instead of USA?
Re: (Score:2)
Nothing is going to get done until a company's articles of incorporation papers are dissolved, and the corporate veil pierced if there are enough egregious violations of security.
With the fact that anyone in the top brass can short their stock or buy put options when they find out about the breach, then finish the transaction after the public announcement, after things tumble, and make a mint from it. Not like this is insider trading or anything.
Re: (Score:2)
The risk is that some companies will treat this not as a fine, but rather as a fee, with small companies saying, "Yeah, but we can just pay a buck per account, and we're good," and large companies being the only ones to take security seriously.
I think it would be better for the fine to be proportional to how much effort the company spent on ensuring that your infor
Pixel Math (Score:2)
500px has announced that it was the victim of a hack back in July 2018 and that personal data was exposed for all the roughly 14.8 million accounts that existed at the time. PetaPixel reports:
500px * 14.8 million users < 1 PetaPixel
Sorry, that's where my mind went.
Why was it all in one database? (Score:2)
Re: (Score:2)
They took the 'move fast and break things' credo literally. If they went Waterfall the database would've been lost in a flood. They wanted to try pair coding but couldn't find enough married programmers. Then they attempted to pivot to cowboy coding, with plenty of spaghetti code, but Sergio Leone wasn't available for that.
Re: (Score:2)
Re: (Score:3)
That is a microcosm of the industry in general. Take a typical company. They are pivoting to DevOps, and have implemented Scrum. A manager takes the role of the SCRUM master and turns daily stand-up meetings into kangaroo court sessions with developers wringing their hands, pointing to someone, and saying, "wah! He's blocking me!" Because marketing already sold the feature to customers, development is always in a permanent sprint to throw -anything- together so the sales people are not considered total
Re: (Score:1)
Simply mod++, too many things to quote and agree with after seeing this up close and personal :)
Can't lose what they don't have. (Score:3)
The personal data that may have been stolen by the intruder includes first and last names, usernames, email addresses, password hashes (i.e. not plaintext passwords), location (i.e. city, state, country), birth date, and gender.
Of those, username, email address, password hash are the only information that they should have had.
Re: (Score:2)
Agreed - who the hell provides their birthday to a photo sharing service? If it's required because of the possibility of adult content, who the hell provides their *real* birthday?
It's all gone already (Score:2)
We have a "One BILLION Users" lose their personal data story on /. about once every two days. At this point, is there anyone that doesn't have all their data in the wild? How is that mathematically possible?
Very little information is *required* (Score:2)
After changing my password and signing in, checking my profile shows that none of those are filled except username, email and (presumably) password hash, and I'm 99% sure (it was based on a pattern since I was going to be entering it on multiple devices and since I frankly don't *care* about the security of my 500px account) I've not used that specific password anywhere