# 500px and Fotolog sites compromised, user data stolen and being sold



## LDS (Feb 12, 2019)

Among other sites, 500px and Fotolog has been compromised in July and December 2018 respectively, and user data are being sold by miscreant.

500px is notifying users of the breach, while Fotolog didn't yet, but it could take some time to be notified.

For 500px, the data being sold include the username, email address, MD5-, SHA512- or bcrypt-hashed password, hash salt, [these are password storage techniques] first and last name, and if provided, birthday, gender, and city and country.

For Fotolog, information including email addresses, SHA256-hashed passwords, security questions and answers, full names, locations, interests, and other profile information.

The advice is to change passwords, not only on these sites, but on any site where the same user/password may have been reused, and of course also data like security questions.

More information here: https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/


----------

