Flickr has confirmed a recent security incident linked to a third-party email service provider, which may have resulted in some members’ personal information being exposed. Flickr was alerted to the vulnerability on 5 February 2026 and disabled access to the affected system within hours.
What information may have been exposed?
The data potentially accessed includes real names, email addresses, Flickr usernames, account types, IP addresses, general location data, and site activity logs. Importantly, Flickr has confirmed that passwords and payment card details were not affected.
How many users are impacted?
While some reports suggest that up to 35 million monthly users could be at risk, Flickr has not yet confirmed the exact number of affected accounts.
What caused the incident?
The breach originated from a vulnerability within a system operated by an unnamed third-party email service provider, rather than Flickr’s core platform.
What should users do now?
- Stay alert: Be cautious of phishing emails or messages claiming to relate to your Flickr account. Attackers may use personal details to make scams appear convincing.
- Check your account: Review your Flickr account settings for any unexpected changes or suspicious activity.
- Review password use: If you reuse your Flickr password on other websites, change it immediately on those services to reduce the risk of credential-stuffing attacks.
- Know what’s legitimate: Flickr will never ask for your password via email.
If you use Flickr and are concerned about account security, now is a good time to review your settings and remain vigilant against phishing attempts. For businesses and organisations, this incident is also a timely reminder of the importance of strong third-party security management and user awareness.