Popular photo-sharing website Imgur has confirmed that it was notified of a potential security breach earlier this week that occurred in 2014. The site says that the hack resulted in 1.7 million Imgur accounts being compromised. The leaked data includes email addresses and passwords of users. Imgur continues to investigate the intrusion and promises to inform users as quickly as possible to what it knows and what it’s doing in response.
Imgur received an email earlier this week from a security researcher who frequently deals with data breaches. The researcher believed that he was sent data which included information of Imgur users.
The website’s team arranged to securely receive the data from the researcher and then started working on validating the data that belonged to its users.
Imgur confirmed a couple of days back that approximately 1.7 million user accounts were compromised back in 2014. The compromised information includes only email addresses and passwords. Since the website never asks for real names, addresses, phone numbers or other personally identifying information, no such information of that kind was leaked.
The website is investigating how this breach happened. It reiterates that users’ passwords are always encrypted in its database. It believes that the encryption may have been cracked with brute force due to an older hashing algorithm that was used back then. Imgur updated its algorithm to the new bcrypt algorithm last year.
Affected users have already been notified of the breach. Those who were Imgur users with accounts back then should probably change their passwords out of an abundance of caution.