Turns out the 500px data breach we reported on last week wasn't an isolated incident. According to The Register the data breach affected not only 500px but a total of 16 websites, including mobile image sharing platform EyeEm, Animoto, Artsy and Fotolog.
Overall the details of more than 617 million online accounts were stolen and offered for sale on the dark web. Below is a comprehensive list of the affected websites (not all of which are photo related) and accompanying number of accounts that were stolen:
• 8fit (20 million)
• 500px (15 million)
• Animoto (25 million)
• Armor Games (11 million)
• Artsy (1 million)
• BookMate (8 million)
• CoffeeMeetsBagel (6 million)
• DataCamp (700,000)
• Dubsmash (162 million)
• EyeEm (22 million)
• Fotolog (16 million)
• HauteLook (28 million)
• MyFitnessPal (151 million)
• MyHeritage (92 million)
• ShareThis (41 million)
• Whitepages (18 million)
EyeEm sent an email out to its user base, saying 22 million of its accounts had been compromised but no payment or payout data had been affected. The breach exposed users’ names, email addresses, and encrypted versions of passwords, however.
The company also writes that it only recently become aware of the hack, despite the fact that it happened back on July 5th 2018. Upon discovery of the issue all passwords were disabled and emails went out to the EyeEm community.
EyeEm also asks its users to not reuse old passwords, not use the same password on multiple websites, use multi-factor authentication whenever possible and use as password management tool. This is sensible advice, no matter if you're affected by any of the hacks or not.
Update (February 18th, 2019): This article has been updated with more detailed information regarding the compromised sites and the number of accounts believed to be affected. Thanks to DPR reader FalconEyes for pointing this out.
. dpreview.com2019-2-19 23:56