Flickr (yes, it"s still around) has started notifying users about a security hole that popped up at one of its third-party email service providers, which potentially exposed members" real names, email addresses, and other information. This comes just after Substack announced that it suffered a data scraping incident back in October last year that exposed user records like email addresses, though the company insists no financial information or passwords were stolen in this specific attack.
Flickr, just like Substack, failed to say exactly how many users were affected by this specific vendor screw-up, apart from the fact that real names and email addresses definitely got exposed. The security notice explicitly lists other data points the hackers potentially got their hands on, including Flickr usernames, account types, IP addresses, general location data, and activity logs on the site. Payment card numbers and passwords were not affected, according to the notice.
Here is how the company is responding to the incident, according to its statement:
Our immediate response
- We disabled access to the affected system & removed all links to the vulnerable endpoint.
- We notified the service provider & demanded a full investigation.
- We are conducting a thorough review & strengthening our security practices with third-party providers.
- We notified the relevant data protection authorities.
While Flickr is no longer the dominant social network it was in the mid-2000s, it has survived by moving away from being a mass-market "social media" platform to becoming a niche community for photographers and archivists, with over 15 million monthly active users.
One contributor to its "downfall" was Yahoo, its previous owner, missing the mobile revolution and being slow to develop a mobile app, which allowed Instagram to eat its lunch. The platform was eventually sold to SmugMug, which has since made a couple of controversial changes, like removing the famous free 1TB of storage plan and adding download restrictions that prevent free account holders from downloading high-resolution versions of images (including their own).
Via: Bleeping Computer