1.7m Imgur accounts compromised after 2014 data breach

Usernames and passwords stolen by hackers

Picture hosting site Imgur has confirmed that 1.7 million user credentials were stolen as part of a hack that took place in 2014.

The attackers made off with email addresses and passwords, but the company stated that no other data was included in the breach, as "Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information".

The company has already begun resetting the passwords of affected users and has released a public disclosure notice detailing the breach and Imgur's response to it.

"We are still investigating how the account information was compromised. We have always encrypted your password in our database," the company stated, "but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year."

Imgur, which has around 150 million monthly users, is one of the web's most widely-used picture hosting services, hosting images that are posted to internet message boards and social networks such as Reddit.

Imgur was alerted to the breach by Troy Hunt, the security researcher behind data breach cataloguing website Have I Been Pwned. He praised the company for its swift response to the incident after he told them on Thursday.

"I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays," Hunt told ZDNet. "That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary."

Hunt also said that more than half of the email addresses included in the incident had already appeared in Have I Been Pwned's database of previous breaches.

In addition to its users, the company said that it is planning to inform law enforcement agencies in its home state of California. "We take protection of your information very seriously and will be conducting an internal security review of our system and processes," Imgur said. "We apologize that this breach occurred and the inconvenience it has caused you."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

10,000 emails hit with fake FedEx and DHL phishing attacks
phishing

10,000 emails hit with fake FedEx and DHL phishing attacks

24 Feb 2021
Austin Energy warns of scammers soliciting payments in the wake of mass power outages
scams

Austin Energy warns of scammers soliciting payments in the wake of mass power outages

23 Feb 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021