Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Social Networks The Internet

Personal Information of 14.8 Million 500px Users Exposed In Security Breach (theverge.com) 27

Photo-sharing service 500px has announced that it was the victim of a hack back in July 2018 and that personal data was exposed for all the roughly 14.8 million accounts that existed at the time. PetaPixel reports: In an email sent out to users and an announcement posted to its website, 500px states that it was only on February 8th, 2019, that its team learned of an unauthorized intrusion to its system that occurred on or around July 5th, 2018. The personal data that may have been stolen by the intruder includes first and last names, usernames, email addresses, password hashes (i.e. not plaintext passwords), location (i.e. city, state, country), birth date, and gender. The company has reset all 500px account passwords, so to get back into your account you'll need to pick a new one using the recovery email system. "At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information," 500px says. "We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account," 500px says.
This discussion has been archived. No new comments can be posted.

Personal Information of 14.8 Million 500px Users Exposed In Security Breach

Comments Filter:
  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Thursday February 14, 2019 @05:37AM (#58119988)
    Comment removed based on user account deletion
    • by ReneR ( 1057034 )
      Don't think costs will help much. There are already lawsuit costs and loss of customers due trust today. For the most part many companies, management, but also developer (who sometimes are not even that skilled and can barely click stuff together) plus many systems and languages (hint: PHP) are also inherently insecure. We need a whole new security first thinking. Also if that would be your company, and you architectured a really nice and secure system, and then there is one stupid small little typo bug and
    • by AmiMoJo ( 196126 )

      GDPR makes the fine up to 4% of global turnover, which seems like a good way of scaling it to the size of the company. The money should go to the victims, although due to it being difficult to identify them that probably means it would be spent on providing everyone with stuff like identity fraud protection.

    • by kaur ( 1948056 )

      The best to give this money to is the NSA.

      500px is a Canadian company.
      Why should they pay an intelligence service of a foreign power?
      Maybe give the cash to Chinese or Russians instead of USA?

    • Nothing is going to get done until a company's articles of incorporation papers are dissolved, and the corporate veil pierced if there are enough egregious violations of security.

      With the fact that anyone in the top brass can short their stock or buy put options when they find out about the breach, then finish the transaction after the public announcement, after things tumble, make a mint from it. Not like this is insider trading or anything.

    • by dgatwood ( 11270 )

      I would propose a 1USD for each account that has been breached. That way small companies pay small amounts and large companies pay large amounts.

      The risk is that some companies will treat this not as a fine, but rather as a fee, with small companies saying, "Yeah, but we can just pay a buck per account, and we're good," and large companies being the only ones to take security seriously.

      I think it would be better for the fine to be proportional to how much effort the company spent on ensuring that your infor

  • 500px has announced that it was the victim of a hack back in July 2018 and that personal data was exposed for all the roughly 14.8 million accounts that existed at the time. PetaPixel reports:

    500px * 14.8 million users < 1 PetaPixel
    Sorry, that's where my mind went.

  • Guess the programmers don't know about compartmentalization, and the ops people don't know about intrusion detection. http://www.transition2agile.co... [transition2agile.com]
    • by mentil ( 1748130 )

      They took the 'move fast and break things' credo literally. If they went Waterfall the database would've been lost in a flood. They wanted to try pair coding but couldn't find enough married programmers. Then they attempted to pivot to cowboy coding, with plenty of spaghetti code, but Sergio Leone wasn't available for that.

    • That is a microcosm of the industry in general. Take a typical company. They are pivoting to DevOps, and have implemented Scrum. A manager takes the role of the SCRUM master and turns daily stand-up meetings into kangaroo court sessions with developers wringing their hands, pointing to someone, and saying, "wah! He's blocking me!" Because marketing already sold the feature to customers, development is always in a permanent sprint to throw -anything- together so the sales people are not considered total

      • by bodog ( 231448 )

        simply mod++ , too many things to quote and agree with after seeing this up close and personal :)

  • by fox171171 ( 1425329 ) on Thursday February 14, 2019 @07:45AM (#58120210)

    The personal data that may have been stolen by the intruder includes first and last names, usernames, email addresses, password hashes (i.e. not plaintext passwords), location (i.e. city, state, country), birth date, and gender.

    Of those, username, email address, password hash are the only information that they should have had.

    • Agreed - who the hell provides their birthday to a photo sharing service? If it's required because of the possibility of adult content, who the hell provides their *real* birthday?

  • We have a "One BILLION Users" lose their personal data story on /. about once every two days. At this point, is there anyone that doesn't have all their data in the wild? How is that mathematically possible?

  • It notes first/last, birthdate, location (as provided by the user for their profile), gender along with username, email and password hashes.

    After changing my password and signing in, checking my profile shows that none of those are filled except username, email and (presumably) password hash, and I'm 99% sure (it was based on a pattern since I was going to be entering it on multiple devices and since I frankly don't *care* about the security of my 500px account) I've not used that specific password anywhere

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...