Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs, though passwords and payments stayed secure.
A security flaw at a third-party email service provider has potentially exposed the personal details of Flickr members. On February 5, 2026, the popular photo-sharing platform was alerted to a vulnerability within a system managed by one of its external vendors. This loophole may have allowed unauthorised individuals to view specific member data.
Flickr, currently operated by SmugMug, acted quickly to address the issue, disabling access to the compromised system within hours of the discovery. For your information, this incident follows a similar pattern to a recent security report involving Substack, newsletter platform. As reported by Hackread.com, a hacker using the alias ‘w1kkid’ claimed on February 2, 2026, to have extracted over 662,000 user records from Substack, a breach the company’s CEO only confirmed days later.
Details of the Data Exposure
While any security breach is concerning, in Flickr’s case, passwords and financial information reportedly remained entirely secure. The vulnerability did not grant access to encrypted login credentials or payment card numbers. The data possibly at risk included:
- Real names and registered email addresses
- Logs of user activity on the platform
- IP addresses and general geographic locations
- Flickr usernames and account types (such as Pro or Free)
Flickr is a major player in the photography world, hosting over 28 billion images for its 35 million monthly users. It is worth noting, however, that the company has not yet specified the exact number of accounts impacted by this vendor-related issue.
The Company’s Response
In their official security notice, Flickr confirmed they have already notified the relevant data protection authorities. To prevent future issues, they are currently “strengthening system architecture” and increasing their oversight of all outside partners.
“We sincerely apologize for this incident and for the concern it may cause. We take the privacy and security of your data extremely seriously, and we are taking immediate action to prevent any similar issues by conducting a thorough investigation, strengthening our system architecture, & further enhancing our monitoring of third-party service providers,” Flickr concluded.
What Flickr Advises You to Do
As we know it, data leaks are frequently used to fuel phishing campaigns. To stay safe, the company recommends being cautious of any unexpected emails mentioning your Flickr account, explicitly stating that:
“We will never ask for your password via email.”
Also, if you use the same password for Flickr as you do for other websites, it is a sensible precaution to change it immediately. Lastly, check your settings by logging in to your account and reviewing your profile for any unrecognised changes.