NordVPN Offers Some Expert Advice on the 500px Data Breach
This week 500px, a popular photo-sharing service, confirmed that the personal information of 14.8 million of its users was impacted by a security breach. 500px users’ data is now for sale on the dark web, together with records stolen from fifteen other compromised websites.
“Even giant companies are not doing enough to secure sensitive user data. At the moment, approximately 620 million records stolen from sixteen compromised websites, including 500px, are up for sale on the dark web. The whole batch is available for roughly $20,000 in Bitcoin. However, no one knows how many cyber criminals and other shady personas have acquired it so far,” says Ruby Gonzalez, Head of Communications at NordVPN. “We urge all internet users to share less sensitive information online and to use security services, such as antivirus and VPN.”
In an email sent out to users, 500px states that the personal data compromised in the breach might include the following:
– “Your first and last name as entered on 500px
– Your 500px username
– The email address associated with your 500px login
– A hash of your password, which is hashed using a strong, one-way cryptographic algorithm – such hashes are almost impossible to reverse-engineer to access your original password
– Your city, state/province, country, if provided
– Your birth date, if provided
– Your gender, if provided”
What to do if your account gets compromised
If your account has been hacked or compromised in a data breach, you should act quickly, before hackers can get their hands on other important information.
1. Get back into your account
The first step is to log into your account and change your password immediately. It shouldn’t be ‘password’ or ‘imthekingoftheworld.’ Your password needs to be strong. Try this trick: think of a statement, for example, “I love to go for a walk every evening.” Then, turn it into 1l2g4awEVe (replacing I with 1, to with 2, for with 4, and every with EV).
If possible, use two-step authentication and get a password manager like LastPass or 1Password. Most importantly, never reuse the same password for all of your accounts.
2. Take care of your other accounts
If you used the same or similar password for more than one account, change it on all other key platforms and accounts immediately. That includes your email, Facebook, Amazon, Twitter, LinkedIn, and others. Even though hackers most probably got hold of a hashed version of your password, there’s still a chance they can crack the hash and recover the real password.
Check haveibeenpwned.com to see if you have an account that has been compromised in a data breach before.
3. Update your settings and available data
Go through the privacy settings and the data you provide, both on the breached platform and on all the other important platforms you use. Make sure you share only the required information and remove what’s not necessary, for example, your phone number and favourite locations. This way, even if your account gets hacked, it will be of less value to hackers.
Common advice is to share as little as possible online. If you are not intent on getting worldwide attention, change your account settings from ‘Public’ to ‘Private.’
4. Revoke access to third-party apps
In the Quora case, for user convenience, it was possible to connect to the platform with Facebook and Google. Check whether you permitted access to view one of those accounts.
We recommend reviewing which of your accounts are linked and reconsidering whether you really need those links. Revoke access to applications that are no longer in use, as well as suspicious ones.
5. Beware of phishing scams
Since hackers may have detailed profile information of almost 15 million users on 500px, we are likely to see more personalized and sophisticated phishing scams in the near future. Phishing scams are very effective, as criminals usually use a piece of real private information.
You should be careful if you get seemingly legitimate, personalized messages from banks or any other familiar organizations. This applies especially if they ask for more personal details, request fund transfers, or ask you to click on any link. For additional safety, use a VPN, like NordVPN. Using a VPN when browsing can help to protect you against malicious websites and phishing sites.