- Flickr confirmed breach in February 2026 via third-party email provider, exposing customer PII
- Stolen data includes names, emails, usernames, account types, IPs and locations; passwords and financial information are not affected
- The company warns of phishing risks; global impact likely given Flickr’s 35 million monthly users in 190 countries
The popular photo-sharing site Flickr confirmed that it suffered a third-party cyber attack in which it lost sensitive data on an as yet undisclosed number of customers.
In an email message sent to its customers seen by The Register’s reporters, Flickr said the attack originated from an unnamed third-party email service provider. It took place on February 5 and was seen “within hours”.
The hackers were expelled, the vulnerable endpoint isolated and further access blocked. Relevant authorities and data protection guards as well as customers have been notified. Flickr also said it expects the third-party email provider to launch an investigation and share the details.
Incoming phishing
“We are conducting a thorough review and strengthening our security practices with third-party providers,” Flickr’s email said. “We have notified the relevant data protection authorities.”
The scammers stole people’s names, email addresses, usernames, account types, IP addresses and general locations, although the exact set of data varies from person to person. Passwords and financial data were not obtained, it added.
Flickr warned its customers about incoming emails, especially those claiming to be from the photo-sharing company.
In the email, it also shared links to European and US data protection authorities, which The Register interpreted as indicating the hack is likely to affect multiple regions. After all, Flickr is a global brand – it operates in 190 countries and apparently has more than 35 million monthly users.
So far, no threat actors have claimed responsibility for the attack, and the stolen data is yet to be announced on the dark web. Cybercriminals can use PII to launch customized phishing attacks. For example, they may claim that Flickr seeks to suspend people’s accounts until a payment is made or until payment information is “verified,” possibly tricking users into sharing these types of secrets.
Therefore, users should be extra careful when opening incoming emails.
Via The register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
