According to the company the breach exposed users’ first and last names, usernames, the email addresses they used to create their accounts, a hash of their passwords and their birthdates. It also compromised their gender and their city/state/province/country if they chose to provide them. Thankfully, 500px found no evidence of unauthorized entry into users’ accounts and no evidence that the breach exposed data other than the ones it listed. People’s credit card details were apparently left untouched.
In its announcement, the company said it’s monitoring its source codes to protect against further security issues. It also promises to upgrade its security measures and network infrastructure. 500px has started sending out emails to all its users, asking them to change their passwords, and it’s offering to send them all their data on file within 72 hours if they email help[@]500px.com with a request.