Photography has been a hobby for decades. People take pictures on vacation, of their friends, pets, and virtually everything else. For special events such as a wedding or graduation, they may hire a professional not only to take the pictures but also to print them on quality paper.
In this instance, the target was 500px, a photography website used, among other services, to store portfolios. The breach occurred on approximately July 5, 2018. It directly affected 14,870,304 of the service’s user accounts, or nearly all the accounts. Put another way, any user who had an account on or before July 5, 2018 was impacted.
The organization was the victim of a successful attack, breach, and compromise. The data exfiltrated included names, user names, email addresses, birth date if the user provided it, city, state, country, and gender. This data could easily be sold, used maliciously by the attackers themselves, or simply used for credential stuffing attacks.
The timing of the breach and its detection seems unusual. The breach appears to have taken nearly 7.3 months to notice, which seems a bit long for any timeline. Seemingly any SIEM would have detected not only the unauthorized IP, but also the mass amount of data flowing out of the organization; nearly 15M users involves a mass amount of data. Also, the organization did not indicate how the attack happened. By now, the hole or vulnerability would have been fixed, so publishing it would not have hurt the organization. Management could have disclosed something about the successful attack, even at a high level.
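The two signals named above, an unapproved destination IP and an outsized outbound transfer, sketched as detection logic in an added example (not from the original article or from 500px). The flow records, the host name `db01`, the allowlist and the 10x threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample flow records: "date src_host dst_ip bytes_out" (not real 500px data).
SAMPLE_FLOWS = """\
2018-07-01 db01 10.0.4.20 52000000
2018-07-02 db01 10.0.4.20 49000000
2018-07-03 db01 10.0.4.20 51000000
2018-07-04 db01 10.0.4.20 50500000
2018-07-05 db01 10.0.4.20 50000000
2018-07-05 db01 203.0.113.77 9400000000
"""

# Assumed allowlist of networks the database tier normally talks to.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def parse(text):
    """Yield (day, src_host, dst_ip, bytes_out) from whitespace-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        day, src, dst, nbytes = line.split()
        yield day, src, ipaddress.ip_address(dst), int(nbytes)

def detect(text, allowed=ALLOWED_NETS, factor=10):
    """Return alerts for unapproved destinations and outsized daily egress."""
    daily = defaultdict(lambda: defaultdict(int))  # src -> day -> total bytes out
    alerts = []
    for day, src, dst, nbytes in parse(text):
        daily[src][day] += nbytes
        if not any(dst in net for net in allowed):
            alerts.append(("unapproved_destination", day, src, str(dst)))
    for src, days in daily.items():
        # The median stays near normal traffic even when one day is an outlier.
        baseline = median(days.values())
        for day, total in sorted(days.items()):
            if total > factor * baseline:
                alerts.append(("egress_volume", day, src, total))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Either alert alone would be worth triage; together on the same host and day they are the pattern the paragraph argues should not go unnoticed for months.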
There was a password reset for the 14.8M affected users. Correcting this required a mass amount of time, which was compounded by calls from users questioning what happened.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.