ACCORDING to Security Affairs, Flickr says a flaw at a third-party email provider may have exposed some users’ names, email addresses, IPs, and account activity, though passwords and payment data were not affected. The platform notes it shut down the affected system within hours of learning about the issue.
A data breach notification sent to impacted users says the incident was detected on 5 February 2026 and that access to the compromised system was blocked shortly afterwards, with the provider being alerted and a full investigation requested. Flickr, which is owned by SmugMug and has over 100 million registered users and millions of active photographers, did not disclose which provider was involved or how many users were impacted.
The company has begun a broader security review, strengthened controls around third‑party services, and notified data protection authorities, while advising users to watch for phishing emails, check account settings for unusual activity, and update passwords if the same password was reused.