Imgur Confirms 2014 Hack: Email Addresses And Passwords Stolen From 1.7 Million Accounts

Share this…

Imgur, a widely recognized image sharing service most commonly used on Reddit, has revealed that it suffered a data breach as far back as 2014, and claims that it was only notified of it on Nov. 23.

Imgur Was Hacked: Everything You Need To Know

The hackers stole email addresses and passwords of 1.7 million users, just a tiny fraction of its 150 million users overall. No other sensitive information was exposed, since according to Imgur, they don’t ask for data such as real names, physical addresses, or phone numbers.

In a blog post, Imgur explains that it received an email from security researcher Troy Hunt, who frequently deals with data breaches. He told Imgur that he received the hacked data in question, which included passwords and email addresses . Shortly thereafter, Imgur’s CEO and VP of engineering were notified. Then finally, Imgur got a hold of the data securely and began working to validate whether it contained information of users. Indeed, it had.

Imgur says it’s still investigating as to how the data breach could have happened.

“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” says Imgur. It updated its algorithm last year.

Imgur CEO Roy Sehgal said those who have been affected by the breach have already been informed.

“We take protection of your information very seriously,” said Sehgal, who now promises to conduct an internal security investigation of Imgur’s “system and processes.”

Data Breach Cases

How this breach went unnoticed for more than three years has yet to be determined. It adds to a growing concern for the security flaws of popular services: Earlier this week Uber also revealed that its servers had been hacked in 2016, putting personal information of 57 million drivers and riders at risk of being exposed.

The difference between Imgur and Uber is Imgur claims it didn’t know about the breach until now; Uber knew about its own breach but paid hackers ransom money to keep quiet, then it pretended the hack was just the result of a bug bounty program. European Union privacy regulators, in addition to the Federal Trade Commission, are now actively investigating the Uber data breach.

As for Imgur, the site now recommends people to use different email and password combinations for every site and application, and to use strong passwords and frequently update them.