Breșă de securitate la 500px

500px tocmai a trimis comunicatul de mai jos pe email. O încântare ca trebuie sa schimb parola din nou..și aici.

Știrea are cel puțin 2 săptămâni de când o citisem pe TheVerge iar 500px abia acum au considerat ca e oportun sa își anunțe

Our engineering team recently learned of a potential security issue affecting your 500px user account. We are taking this issue extremely seriously and have taken immediate action to address the situation and ensure the protection of our users’ data. Although there is no indication of unauthorized access to your account, as a precautionary measure, we require you to reset your 500px account password.

If you reset your password after 3 a.m. EST on Feb. 12, you do not need to reset it again. However, if you have not reset your password yet, please login to your 500px account and follow the instructions.

What happened?

On February 8, 2019, our engineering team became aware of a potential security issue affecting certain user profile data. We immediately launched a comprehensive review of our systems to understand the nature and scope of the issue. We engaged a third-party expert to assist us in our investigation and are coordinating with law enforcement authorities on this matter.

Based on our investigation to date, we believe that an unauthorized party gained access to our systems and acquired partial user data on approximately July 5, 2018. We’ve concluded this issue affected certain information that users provided when filling out their user profiles, as listed below. Our engineers are closely monitoring our platform and we’ve found no evidence to date of any recurrence of this issue.

What personal data may have been affected?

  • Your first and last name as entered on 500px
  • Your 500px username
  • The email address associated with your 500px login
  • A hash of your password, which is hashed using a strong, one-way cryptographic algorithm—such hashes are almost impossible to reverse-engineer to access your original password
  • Your city, state/province, country, if provided
  • Your birth date, if provided
  • Your gender, if provided

At this time, there is no indication of unauthorized access to your account, and no evidence that other data associated with your user profile was affected, such as credit card information (which is not stored on our servers), if used to make any purchases, or any other sensitive personal information.

What actions have we taken to protect your information?

  • We have vetted access to our servers, databases, and other sensitive data-storage services.
  • We have and are continuing to monitor our source code, both public-facing and internal, to protect against security issues.
  • We are partnering with leading experts in cyber security to further secure our website, mobile apps, internal systems, and security processes.
  • We are modifying our internal software development process.
  • We are continuing to upgrade our network infrastructure.

What can you do?

While our password security measures are robust and we have precautionary measures in place, we are taking additional steps to ensure your personal data remains secure. As a result, we are resetting all 500px account passwords. Please login to your 500px account to reset your password. Note: if you have reset your password after 3 a.m. EST on Feb. 12, you do not need to reset again.

We recommend you change your password on any other website or app on which you use a password that is the same as or similar to your password for your 500px account.

We take the security of your information extremely seriously, and we sincerely apologize with regret that this issue occurred. Going forward, we will continue to enhance our security measures to help keep your data safe, as well as implement additional measures to help prevent this type of incident from reoccurring.

If you have further questions, please consult our Support article on this matter, which includes details on how to contact us directly in relation to this issue. We’re on standby to help.

– 500px

      Cristian Iosub