Flickr warns of data breach exposing user emails and names
▼ Summary
– Flickr is notifying users of a potential data breach caused by a vulnerability at a third-party email service provider.
– The exposed information includes real names, email addresses, IP addresses, and account activity, but not passwords or payment card numbers.
– The company shut down access to the affected system within hours of being alerted to the flaw on February 5, 2026.
– Flickr has advised affected users to review their accounts, be vigilant against phishing, and update passwords reused on other services.
– The company apologized and stated it is taking immediate action to investigate and strengthen its systems to prevent similar issues.
A recent security incident at a popular photo-sharing service has put user information at risk. The platform, which hosts billions of images and serves millions of users monthly, is alerting its community after a flaw in an external email service provider potentially exposed personal data. While the specific vendor and the total number of impacted accounts remain undisclosed, the company acted swiftly to contain the issue upon discovery.
The vulnerability, identified on February 5, 2026, could have allowed unauthorized parties to access certain member details. The company confirmed that sensitive financial data and user passwords were not compromised in this event. Access to the affected system was terminated within hours of the initial alert. The information that may have been accessed includes users’ real names, email addresses, account usernames, IP addresses, general location data, and details regarding their activity on the platform.
In communications sent to affected individuals, the service emphasized that it does not request passwords via email and urged users to be cautious of potential phishing attempts that might leverage the exposed information. Members are advised to scrutinize their account settings for any unauthorized alterations. Furthermore, as a standard security practice, users should promptly update their passwords, especially if they have reused their credentials from this site on other online services.
The platform has issued a formal apology for the incident and the concern it may generate. It reiterated a strong commitment to data privacy and security, outlining immediate steps to prevent recurrence. These measures include launching a comprehensive investigation, reinforcing internal system architecture, and implementing more rigorous oversight of all third-party service providers. The community is one of the largest of its kind globally, underscoring the significant scope of the potential exposure.
(Source: Bleeping Computer)
