1.7 million Imgur accounts were affected by a data breach in 2014
1.7 million Imgur accounts were affected by a data breach in 2014
While this is only a minority of Imgur’s 150 million monthly users, the breach has gone unnoticed for over two years, with the company only noticing this issue after being contacted by Troy Hunt, a researcher who runs “Have I Been Pwned“. Just a mere 25 hours after Troy’s initial contact with Imgur the company had made a public disclosure of the breach, confirming how many users were affected and began the process of resetting the passwords and contacting of affected users.
Troy praised Imgur for their lightning fast response to this issue, though it does showcase how easily data can be compromised and go unnoticed by major online companies.
Back in 2014, Imgur’s passwords used SHA-256 encryption, which was updated to a more secure bcrypt algorithm last year. This protection is said to have been brute forced by hackers, leaving the accounts of 1.7 million users compromised.
Thankfully Imgur does not ask for personally identifiable information when users create a new account, with email addresses and password being the only data affected by this beach. This means that the information here is not personally identifiable, though it could be used to access personal information if the user uses the same password on other websites.
While Imgur’s quick response here is admirable, it does not take away from the fact that this breach occurred back in 2014, leaving 1.7 million users vulnerable for over two years. Affected users should have already received an email regarding the breach alongside instruction that will allow them to change their passwords, though it is advisable that other Imgur users also take precautions in case this breach turns out to be larger than initially thought.
You can join the discussion on 1.7 million Imgur accounts being compromised on the OC3D Forums.