- Flickr confirmed a breach in February 2026 via a third-party email provider, exposing customer PII
- The stolen data includes names, emails, usernames, account types, IP addresses and locations; Passwords and financial information not affected
- The company warns about phishing risks; A global impact is likely given Flickr’s 35 million monthly users in 190 countries.
Popular image-sharing website Flickr confirmed to have suffered a cyberattack from a third party in which it lost confidential data of an as yet undisclosed number of customers.
In an email notification sent to its customers, seen by The Register journalists, Flickr said the attack came from an unidentified third-party email service provider. It took place on February 5 and was detected “within hours.”
The hackers were kicked out, the vulnerable endpoint was isolated and access was banned. Relevant authorities and data protection supervisory bodies, as well as customers, have been notified. Flickr also said it expects the email service provider to launch an investigation and share details.
Incoming phishing
“We are conducting a thorough review and strengthening our security practices with third-party vendors,” the Flickr email said. “We notify the relevant data protection authorities.”
The criminals stole people’s names, email addresses, usernames, account types, IP addresses, and general locations, although the exact set of data varies from person to person. No passwords or financial data were obtained, he added.
Flickr warned its customers about incoming emails, especially those claiming to be from the image-sharing company.
In the email, he also shared links to European and US data protection authorities, which The Register interpreted to mean that the attack would likely affect multiple regions. After all, Flickr is a global brand: it operates in 190 countries and apparently has more than 35 million monthly users.
So far, no threat actors have claimed responsibility for the attack and the stolen data is yet to be advertised on the dark web. Cybercriminals can use PII to launch personalized phishing attacks. For example, they may claim that Flickr is looking to suspend people’s accounts until a payment is made or payment details are “confirmed,” possibly tricking users into sharing these types of secrets.
Therefore, users should be very careful when opening incoming email messages.
Through The Registry
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
