Flickr is one of the largest photography and image-sharing sites in the world. Since it was founded in 2004, it has hosted over 28 billion videos and images. According to the company, it has 800 million page views per month and 35 million monthly users.
According to an email sent to Flickr users, seen by BleepingComputer, a vulnerability in a third-party email service has potentially exposed the names, usernames, email addresses, IP addresses and account activity, general location data, and account types of users.
“On February 5, 2026, we were alerted to a vulnerability in a system operated by one of our email service providers,” the company told users.
While Flickr has not revealed which third-party company was involved, nor how many users it thinks may have been impacted, it said that it shut down access to the system impacted almost immediately when it discovered it on 5 February.
“This flaw may have allowed unauthorised access to some Flickr member information. We shut down access to the affected system within hours of learning about it,” the company said.
The company also said that passwords and payment cards were not exposed in the incident.
“We sincerely apologise for this incident and for the concern it may cause,” Flickr added.
“We take the privacy and security of your data extremely seriously, and we are taking immediate action to prevent any similar issues by conducting a thorough investigation, strengthening our system architecture, and further enhancing our monitoring of third-party service providers.”
Flickr encourages its users to review account settings for any changes, and to keep an eye out for phishing emails that use user data, and confirmed that Flickr would never request passwords through email.
Despite passwords being unaffected, it recommended that users reset passwords as soon as possible if they use those details on other platforms.
Daniel Croft