Online image sharing Website ‘Imgur’ has confirmed a hack dating back to 2014.
Around 1.7 million email addresses & passwords were “compromised”. Imgur said in a blog post that the breach didn’t include personal information because the Site has “never asked” for real names, addresses, or phone numbers.
On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.
What Information Was Involved?
Early morning on November 24th, we confirmed that approximately 1.7 million Imgur user accounts were compromised in 2014. The compromised account information included only email addresses and passwords. Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information (“PII”), so the information that was compromised did NOT include such PII.
How Did This Happen?
We are still investigating how the account information was compromised. We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year.
What Steps Are We Taking?
On the morning of November 24th, we began notifying impacted users via their registered email address. We are immediately requiring that these users update their password. We also published this public disclosure at 4PM PST.
•Share This•
