It’s just another day with just another data breach, and this time it is the image-sharing website Imgur.
The online image sharing and hosting platform Imgur has announced that it suffered a data breach back in 2014 but only got to know about it on November 23rd, 2017.
In total, hackers stole 1.7 million user accounts containing only email addresses and passwords, since the company does not ask for users’ real names, addresses, phone numbers or other personally identifying information (“PII”).
The stolen passwords were hashed with the SHA-256 algorithm, and Troy Hunt, founder of the data breach notification website HaveIBeenPwned, has confirmed that the data he received contains the hashed passwords. Hunt also confirmed that 60% of the stolen Imgur accounts were already part of the HaveIBeenPwned database.
Imgur had no idea about the breach until Hunt informed the image-sharing giant on the 23rd of this month. In its blog post, Imgur’s chief operating officer, Roy Sehgal, wrote that the company changed its hashing algorithm to bcrypt last year; users are nevertheless urged to change their passwords. Those who use the same email and password on other sites are advised to change their passwords there as well.
Imgur has also informed the affected customers about the incident. “We take the protection of your information very seriously,” Sehgal said, “and will be conducting an internal security review of our system and processes.”
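The switch from SHA-256 to bcrypt mentioned above is usually rolled out by re-hashing each password at the user's next successful login. The following is an added example, not code from Imgur or from the original article: it assumes an unsalted hex SHA-256 legacy record, uses PBKDF2 from the Python standard library as a stand-in for bcrypt, and the record layout, function names and sample account are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # work factor of the stand-in slow hash


def legacy_sha256(password):
    """Assumed legacy format: hex SHA-256 of the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password):
    """New format: pbkdf2$<iterations>$<salt hex>$<derived key hex>."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())


def verify_and_upgrade(store, user, password):
    """Check a login; on success, replace a legacy record with a slow hash."""
    record = store.get(user)
    if record is None:
        return False
    if record.startswith("pbkdf2$"):
        _, iters, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(dk.hex(), dk_hex)
    # Legacy record: compare in constant time, then upgrade in place.
    if not hmac.compare_digest(legacy_sha256(password), record):
        return False
    store[user] = slow_hash(password)
    return True


# Constructed sample account, not data from the breach.
USERS = {"alice@example.com": legacy_sha256("correct horse battery staple")}

if __name__ == "__main__":
    print(verify_and_upgrade(USERS, "alice@example.com", "correct horse battery staple"))
    print(USERS["alice@example.com"].split("$")[:2])
```

Accounts that never log in again keep their legacy hash under this scheme, so a migration also needs a plan for dormant records, such as a forced reset.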
On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: https://t.co/qElAetGVIc
— Imgur (@imgur) November 25, 2017
Remember that MySpace, Dropbox, LinkedIn, Twitter, Yahoo, Tumblr and others also suffered large-scale data breaches in which the affected companies did not notice any malicious activity on their servers until the stolen data started showing up on dark web marketplaces like Hansa and AlphaBay.