Only a few days after Uber admitted last year's data breach of 57 million customers, the popular image-sharing site Imgur disclosed that it had suffered a major data breach in 2014 that compromised the email addresses and passwords of 1.7 million user accounts.
In a blog post published on Friday, Imgur said that the company had been notified of the three-year-old data breach on November 23, when a security researcher emailed the company after being sent the stolen data.
Imgur's Chief Operating Officer (COO) then alerted the company's founder and the Vice President of Engineering to the issue before beginning work to validate that the data belonged to Imgur users.
After completing the data validation, the company confirmed Friday morning that the 2014 data breach impacted approximately 1.7 million Imgur user accounts (a tiny fraction of its 150 million user base) and that the compromised information included only email addresses and passwords.
Since Imgur has never asked for people's real names, phone numbers, addresses, or any other personally identifying information (PII), no other personal information was allegedly exposed in the data breach.
The company also said that the stolen passwords were scrambled with the older SHA-256 hashing algorithm, which can be easily cracked using brute-force attacks.
However, Imgur's COO Roy Sehgal said the website had already moved from SHA-256 to the much stronger bcrypt password-hashing algorithm last year.
“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” the image sharing service said. “We updated our algorithm to the new bcrypt algorithm last year.”
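A move from a single fast SHA-256 to a slow password hash, like the one described above, can be carried out without knowing users' passwords by re-hashing at the next successful login. The sketch below is an added example, not Imgur's code: it uses Python's standard-library scrypt as a stand-in for bcrypt, and the `sha256$`/`scrypt$` record formats, the unsalted legacy hash and the cost parameters are assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune per deployment.
N, R, P, DKLEN = 2**14, 8, 1, 32

def legacy_hash(password):
    """Legacy record (assumed format): one unsalted SHA-256 of the password."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password, salt=None):
    """Per-user salt plus a memory-hard KDF (scrypt standing in for bcrypt)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return "scrypt$" + salt.hex() + "$" + dk.hex()

def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); a legacy record is replaced on success."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha256":
        ok = hmac.compare_digest(legacy_hash(password), stored)
        return ok, (slow_hash(password) if ok else stored)
    if scheme == "scrypt":
        try:
            salt = bytes.fromhex(rest.partition("$")[0])
        except ValueError:
            return False, stored  # malformed record: reject, never guess
        return hmac.compare_digest(slow_hash(password, salt), stored), stored
    return False, stored  # unknown scheme


if __name__ == "__main__":
    record = legacy_hash("correct horse battery")  # constructed sample
    ok, record = verify_and_upgrade("correct horse battery", record)
    print(ok, record.split("$")[0])
```

Accounts that never log in again keep their fast-hash record under this scheme, which is why a forced password reset, as Imgur enforced for affected users, is still needed after a breach.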
The company has begun notifying affected users and enforcing a password change.
Moreover, those using the same email address and password combination across multiple sites and applications are advised to change those details as well.
It is still unknown how this incident occurred and went unnoticed for roughly three years. Imgur is still actively investigating the intrusion and will share details as soon as they become available.
Security expert Troy Hunt, who notified Imgur of the incident, praised the company for its swift response to the breach notification and its disclosure of the data breach.
“I want to recognise @imgur’s exemplary handling of this: that’s 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos!” Hunt tweeted.
“This is truly where we’re at at this point: people recognise that data breaches are the new normal and they’re judging organizations not on the fact that they’ve had one, but on how they’ve handled it when it happened.”
Imgur is yet another company in a series of security breaches that took place years ago but have only come to light in 2017. Other companies that revealed major breaches years after they occurred include Yahoo, Uber, LinkedIn, Disqus, and MySpace.