FLICKR has disclosed a data security incident affecting its users after a vulnerability was found in a system operated by one of its email service providers. On February 5, 2026, Flickr said, this flaw may have allowed unauthorized access to some member information, and access to the affected system was shut down within hours of learning of the issue; the impacted service provider has not been named.
Exposed data reportedly includes names, email addresses, usernames, account types, IP addresses, general location, and Flickr activity data, while passwords and payment card numbers were not affected. The company notes that while certain user data may have been exposed, it does not indicate that hackers actually accessed or stole the information, only that unauthorized access could have occurred.
SecurityWeek reports that no threat actor—ransomware group or other cybercrime actor—has publicly claimed to have stolen Flickr data. Users are being urged to be cautious of Flickr-themed phishing emails.