What Happened
In February 2018, the photography platform EyeEm suffered a data breach that exposed approximately 19.8 million user records. The breach went undetected for nearly a year before being discovered and publicly disclosed in February 2019. The compromised data included email addresses, usernames, first names, profile bios, and SHA1-hashed passwords with salts, which hackers obtained by exploiting security vulnerabilities in the platform’s web application. The stolen data was subsequently offered for sale on the dark web by a single threat actor, making it one of the largest security incidents affecting a creative community platform during that period.
