1 min read

1.7 Million Affected in 2014 Imgur Data Breach

Liviu ARSENE

November 27, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
1.7 Million Affected in 2014 Imgur Data Breach

A recently disclosed data breach affecting popular image-hosting website Imgur may have affected 1.7 million users. Although the breach occurred in 2014, only email addresses and passwords seem to have been affected, as the website does not require any other personal information from visitors.

As one of the world”s 50 largest websites, the Imgur boasts a staggering 150 million monthly active users, although in 2014 had an estimated 130 million. However, since the website does not require mandatory accounts to view its posted content, it likely has a lot fewer accounts than unique visitors.

“On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts,” according to Imgur”s blog post. “While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.”

The leaked passwords and email addresses are believed to have been stored as hashes using SHA256, which means they can be converted back to text with various online services using a huge database of strings to generate collisions for the exposed hashes. Imgur says it replaced SHA256 with the more secure bcrypt algorithm sometime last year, thwarting any future password guessing caused by a data breach.

“I want to recognise Imgur”s exemplary handling of this: that’s 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure,” according to security expert Troy Hunt, who reported the breach.

Imgur has quickly taken measures to notify potentially affected users, as noted by the security researchers. The company also said it will conduct an internal security check to find out how the breach occurred and potentially figure out how to prevent similar incidents from occurring.

tags


Author


Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.

View all posts

You might also like

Bookmarks


loader