Flickr confirms data breach, tells customers their private info may have been affected - here's what we know

News
By published

Popular image sharing site had its data compromised

Website screenshot of Flickr (September, 2025)
(Image credit: Future)
  • Flickr confirmed February 2026 breach via third-party email provider, exposing customer PII
  • Stolen data includes names, emails, usernames, account types, IPs, and locations; passwords and financial info not affected
  • Company warns of phishing risks; global impact likely given Flickr’s 35M monthly users across 190 countries

Popular image sharing website Flickr confirmed suffering a third-party cyberattack in which it lost sensitive data on a yet undisclosed number of customers.

In an email notification sent to its customers, which The Register’s reporters saw, Flickr said the attack stemmed from an unnamed third-party email service provider. It took place on February 5 and was spotted “within hours”.

The hackers were ousted, the vulnerable endpoint isolated, and further access barred. Relevant authorities and data protection watchdogs, as well as customers, have been notified. Flickr also said it expects the third-party email service provider to launch an investigation and share the details.

Incoming phishing

"We are conducting a thorough review and strengthening our security practices with third-party providers," Flickr's email stated. "We notified the relevant data protection authorities."

The crooks stole people’s names, email addresses, usernames, account types, IP addresses, and general locations, although the exact set of data varies from person to person. Passwords and financial data were not obtained, it added.

Flickr warned its customers of incoming email messages, especially those claiming to be from the image sharing firm.

In the email, it also shared links to European and US data protection authorities, which The Register interpreted as the hack likely affecting multiple regions. Flickr is, after all, a global brand - it works in 190 countries, and apparently has more than 35 million monthly users.

So far, no threat actors claimed responsibility for the attack, and the stolen data is not yet being advertised on the dark web. Cybercriminals can use the PII to launch customized phishing attacks. For example, they can claim Flickr is looking to suspend people’s accounts until a payment is made, or until payment details are “confirmed”, possibly tricking users into sharing these types of secrets.

Therefore, users should be extra careful when opening up incoming email messages.

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.