Flickr Discloses Potential Data Exposure Following Third-Party Email Provider Vulnerability

Summarize with:

ChatGPT Claude.ai Google AI Grok Perplexity

Add as preferred source on Google

The photo-sharing platform Flickr has begun notifying users about a potential security incident that may have exposed their personal information. The Flickr data breach was caused by a security flaw discovered within a system operated by one of the company's third-party email service providers. 

The company has not yet disclosed which service provider was involved or the total number of users affected by the incident.

Scope of User Information Exposure

Flickr said a vulnerability in a system operated by a third-party email service provider may have allowed unauthorized access to some user information. The user information exposure includes:

• Names, 
• Email addresses, 
• Flickr usernames, 
• Account types, 
• IP addresses, 
• General location data. 

Additionally, user activity on the platform was among the compromised information. Flickr has explicitly stated that more sensitive credentials, such as account passwords and payment card numbers, were not exposed in this security event. 

Flickr was alerted to the vulnerability on February 5, 2026, according to notifications sent to users, and took action to shut down access to the compromised system within hours to mitigate further exposure. 

Cybersecurity for Photo-Sharing Platforms

While Flickr itself was not directly breached, a supply chain weakness created a significant security risk for its users. In response, Flickr has committed to conducting a thorough investigation, strengthening its system architecture, and enhancing its monitoring of third-party providers. 

The company is urging affected users to remain vigilant against phishing attempts that may exploit the leaked data.

In other recent news, 1.4 million Betterment email addresses were exposed following a third-party breach, and the Marquis data breach was linked to the SonicWall hack.

Related

Federal Charges Filed in 764-Linked CSAM Case Involving a 2-Year-Old Child

Apple Pay Users Targeted by Sophisticated Phishing Scam Leveraging Voice and Email

Italian La Sapienza University Systems Offline After Ransomware Attack

Malicious Campaigns Weaponize Iran Unrest for Monetization and Fraud: 580 Registered Domains Targeting the Crisis

Incognito Market Operator Rui-Siang Lin Sentenced to 30 Years in Major Dark Web Case

Court Records Reveal How a Former Coach Paid for Snapchat Impersonation to Obtain Nude Photos of Student-Athletes

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.

Subscribe for Free

Please enter a valid email address.

Most Popular

Federal Charges Filed in 764-Linked CSAM Case Involving a 2-Year-Old Child

Apple Pay Users Targeted by Sophisticated Phishing Scam Leveraging Voice and Email

Italian La Sapienza University Systems Offline After Ransomware Attack

Malicious Campaigns Weaponize Iran Unrest for Monetization and Fraud: 580 Registered Domains Targeting the Crisis

Incognito Market Operator Rui-Siang Lin Sentenced to 30 Years in Major Dark Web Case

Court Records Reveal How a Former Coach Paid for Snapchat Impersonation to Obtain Nude Photos of Student-Athletes

Federal Charges Filed in 764-Linked CSAM Case Involving a 2-Year-Old Child

Apple Pay Users Targeted by Sophisticated Phishing Scam Leveraging Voice and Email

Italian La Sapienza University Systems Offline After Ransomware Attack

Malicious Campaigns Weaponize Iran Unrest for Monetization and Fraud: 580 Registered Domains Targeting the Crisis

Incognito Market Operator Rui-Siang Lin Sentenced to 30 Years in Major Dark Web Case

Court Records Reveal How a Former Coach Paid for Snapchat Impersonation to Obtain Nude Photos of Student-Athletes