The company discovered evidence of the breach on February 8th, and overall, to this point, their handling of the issue has been admirable.
They promptly contacted and are presently working with both law enforcement and a third-party security firm. They have alerted all impacted users of the incident. By this point, you should have already received some type of communication from the company.
According to the official statement put out by 500PX, when the hackers gained access, they were able to glean at least some, (and possibly all) information contained in the user’s profile. This information includes user name, password, location, any biographical information you may have entered, your education, and your photo (if you’ve included one in your profile).
The company took the step of force-resetting all user passwords, including those they do not believe to have been impacted by the breach. So the next time you log in, don’t let that take you by surprise.
It should go without saying, but if you’re still using the same password across multiple web properties, it’s a practice you need to stop immediately. If you’ve used the same password you use on 500PX on some other site, be sure to change it as well. Don’t give the hackers an easy way to cause you further harm. We have many posts on this subject.
Unfortunately, those are all the details we have about the breach currently. Although the company has promised to keep everyone updated as their investigation into the matter continues and as further details come to light. In the immediacy, the most important next step is to log in and reset your password.