Article Details

Flickr emails users about data breach, pins it on 3rd party. Attackers may have snapped user locations and activity information, message warns. Legacy image-sharing website Flickr suffered a data breach, according to customers emails seen by The Register. The hack transpired on February 5, an email to customers stated, and the company said it "shut down access to the affected system within hours of learning about it." The security issue stemmed from a third-party email service provider, the identity of which was not specified.  In the email, Flickr said it disabled access to the affected system and removed all links to the vulnerable endpoint before notifying its email provider and demanding an investigation into the incident. "We are conducting a thorough review and strengthening our security practices with third-party providers," Flickr's email stated. "We notified the relevant data protection authorities." As for the all-important 'what data was taken' question, it's the usual personally identifiable information (PII) and a few other less-expected markers. Thge message to custokers states that names, email addresses, usernames, account types, IP addresses and general locations, and Flickr activity were potentially accessed by hackers. What data is exposed, as always, depends on each given account. It won't be the same for everyone. The Register asked the SmugMug-owned company for more information, including how many of its users were affected. Since Flickr included links to both European and US data protection authorities in its email, potentially indicating the impact was felt in multiple regions. Flickr operates in 190 countries. As for its number of active users, Flickr's advertising arm says 35 million per month are contributing to the site, generating 800 million page views. Approximately 228,000 of these were in Europe, a Digital Services Act publication confirmed. The company's email warned users to beware of phishing emails referencing their account and reminded them that the real Flickr would never ask for things like passwords via email. It also suggested users review their account settings for any unexpected findings, and if they use the same password for Flickr as they do for other services, to consider changing it. Flickr's email said no password or financial information was affected, though. "We sincerely apologize for this incident and for the concern it may cause," the company said in the email.  "We take the privacy and security of your data extremely seriously, and we are taking immediate action to prevent any similar issues by conducting a thorough investigation, strengthening our system architecture, and further enhancing our monitoring of third-party service providers."