Imgur was hacked in 2014; affecting 1.7M users

It’s just another day with just another data breach – This time it is Image-sharing website Imgur.

The online image sharing and hosting platform Imgur has announced that it suffered a data breach back in 2014 but only got to know about it on November 23rd, 2017.

In total, hackers stole 1.7 million user accounts containing only email addresses and their passwords since the company does not ask for user’s real name, addresses, phone number or personally-identifying information (“PII”).

Although the stolen passwords were encrypted with hashing algorithm (SHA-256), Troy Hunt, founder of data breach notification website HaveIBeenPwned has confirmed that the data he received contains encrypted passwords. Hunt confirmed that 60% of the stolen Imgur accounts were already part of the HaveIbeenPwned database.

Imgur had no idea about the breach until Hunt informed the image sharing giant on 23rd of this month. In its blog post, Imgur’s chief operating officer, Roy Sehgal wrote that the company changed its hashing algorithm to bcrypt last year yet users are urged to change their passwords. Also, those who are using same email and password on other sites are also advised to change passwords.

Imgur has also informed the affected customers about the incident. “We take the protection of your information very seriously,” Sehgal said, “and will be conducting an internal security review of our system and processes.”

Remember, MySpace, DropBox, LinkedIn, Twitter, Yahoo, and Tumblr, etc. also suffered large-scale data breaches where the affected companies did not notice any malicious activity on their server until the stolen data started showing up on Dark Web marketplaces like Hansa and Alpha Bay.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.