Flickr Notifies Users of Data Breach via Third-Party Email Service Provider
Flickr, the long-standing photo-sharing platform with over 28 billion hosted images and 35 million monthly users, has alerted users to a potential data breach stemming from a vulnerability in a third-party email service provider. The incident, discovered on February 5, 2026, exposed sensitive user information, though the company confirmed that passwords and payment details were not compromised.
The breach may have allowed unauthorized access to real names, email addresses, Flickr usernames, IP addresses, general location data, and account activity. Flickr acted swiftly, disabling access to the affected system within hours of detection. The exact number of impacted users and the identity of the third-party provider remain undisclosed.
In notifications sent to affected users, Flickr acknowledged the incident and outlined steps to mitigate risks, including monitoring for phishing attempts and updating passwords particularly for those who reuse Flickr credentials elsewhere. The company emphasized its commitment to strengthening security measures, including a full investigation and enhanced oversight of third-party vendors.
While the breach did not expose financial data, the leaked information could still pose risks for targeted phishing or identity-related attacks. Flickr has apologized for the incident and pledged to bolster its defenses to prevent future vulnerabilities.
Flickr TPRM report: https://www.rankiteo.com/company/flickr
Third-party email service provider TPRM report: https://www.rankiteo.com/company/email-blaster-uk
"id": "fliema1770374130",
"linkid": "flickr, email-blaster-uk",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Photo-sharing platform',
'name': 'Flickr',
'size': 'Over 28 billion hosted images and 35 million '
'monthly users',
'type': 'Company'}],
'attack_vector': 'Third-party vulnerability',
'customer_advisories': 'Steps to mitigate risks, including monitoring for '
'phishing and updating passwords',
'data_breach': {'personally_identifiable_information': 'Real names, email '
'addresses, Flickr '
'usernames, IP '
'addresses, general '
'location data, '
'account activity',
'sensitivity_of_data': 'Medium (PII but no financial data)',
'type_of_data_compromised': 'User information'},
'date_detected': '2026-02-05',
'description': 'Flickr notified users of a potential data breach stemming '
'from a vulnerability in a third-party email service provider. '
'The incident exposed sensitive user information, though '
'passwords and payment details were not compromised.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'breach',
'data_compromised': 'Real names, email addresses, Flickr '
'usernames, IP addresses, general location '
'data, account activity',
'identity_theft_risk': 'Possible risk for targeted phishing or '
'identity-related attacks',
'payment_information_risk': 'None (payment details not '
'compromised)',
'systems_affected': 'Third-party email service provider'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Need for enhanced oversight of third-party vendors and '
'stronger security measures',
'post_incident_analysis': {'corrective_actions': 'Enhanced oversight of '
'third-party vendors, full '
'investigation',
'root_causes': 'Vulnerability in third-party email '
'service provider'},
'recommendations': 'Monitor for phishing attempts, update passwords, and '
'avoid reusing credentials',
'references': [{'source': 'Flickr User Notification'}],
'response': {'communication_strategy': 'Notifications sent to affected users '
'with mitigation steps',
'containment_measures': 'Disabled access to the affected system '
'within hours of detection',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Full investigation, enhanced oversight '
'of third-party vendors'},
'title': 'Flickr Data Breach via Third-Party Email Service Provider',
'type': 'Data Breach'}