Imgur is a popular image sharing website that revealed some alarming information yesterday. The website revealed (via Engadget) that it had learned of a security breach in 2014 that compromised email addresses and passwords of about 1.7 million users.
Roy Sehgal, Imgur’s Chief Operating Officer, confirmed that the break occurred in 2014 and provided an explanation. Sehgal explains that Imgur doesn’t collect names, phone numbers, or even addresses from its users. Thus, the only information that was leaked are user emails and passwords.
According to ZDNet, Troy Hunt, who runs the notification service Have I Been Pwned, found out about the stolen data because it was sent to him, and turned it over to Imgur to alert them of the issues.
The breach occurred in 2014 and Imgur says that they’re still investigating the incident. The company believes that hackers used brute force attacks to crack the old algorithm, SHA-256. Imgur isn’t using the old system anymore because they upgraded their encryption in 2016. Even though the company boasts about 150 million total users, it’s still unfortunate to see that 1.7 million user accounts were impacted by the breach.
On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: https://t.co/qElAetGVIc
— Imgur (@imgur) November 25, 2017