Popular image-sharing site Imgur has issued a notification through its official blog about a security breach that impacted 1.7 million users. This breach had occurred back in 2014. The company learned about this from security researcher Troy Hunt.
What was compromised in the Imgur security breach?
Data of 1.7 million Imgur user accounts was compromised in the data breach. This included only email addresses and passwords. Imgur has said that no personal information was stolen as the website never asks for real names, addresses or phone numbers from its users.
On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: https://t.co/qElAetGVIc
— Imgur (@imgur) November 25, 2017
How did the security breach happen?
Imgur suspects a brute force attack behind the breach. According to the company, during the time of the hack, an older password encryption system was in use and this may have allowed the hackers to carry out the attack. Imgur updated its algorithm to the new bcrypt algorithm last year.
What should Imgur users be doing?
As soon as Imgur learned about the hack, it was quick to respond to the crisis. After running some initial investigation on 23rd, it started notifying affected users on 24th to change their passwords. However, if you are an Imgur user and have not received any such email, it won’t be a bad idea to change your password anyway. Create a strong, unique password that has uppercase and lower letters, numbers, and special characters. Ensure this password is not used for any other online accounts.
The Imgur security breach is still under investigation. You can stay updated with the latest developments in this case on the company’s official blog here – https://blog.imgur.com/category/news/
I want to recognise @imgur‘s exemplary handling of this: that’s 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos! https://t.co/jV8MDscXLT
— Troy Hunt (@troyhunt) November 25, 2017
If you think this post was helpful, share it with your friends and peers who use Imgur.