1.7 million account credentials stolen from Imgur in 2014

3.2
It may be hard to believe that back in 2009, Alan Schaaf started what was initially a side project that would go on to become one of the most popular image sharing sites on the web, Imgur. An early indication of his creation's success was the reception it garnered on Reddit, having attracted more than 1,600 upvotes but now it has come to light that the company has suffered a data breach dating back several years.

After the exfiltrated data was sent to Troy Hunt, the owner of "Have I been pwned?", Hunt notified Imgur late on November 23rd. Imgur's Chief Operating Officer then alerted the company's CEO and the Vice President of Engineering to the issue prior to the commencement of data validation. By early Friday morning, the image sharing site had determined that around 1.7 million user accounts had been impacted by the data breach that had originally taken place back in 2014 and began notifying affected users in addition to enforcing a change of password.


While the stolen data did not include any personally identifiable information, such as names, addresses. and phone numbers, as Imgur does not request that information, it did include email addresses and passwords. This, of course, puts users who re-use their credentials at higher risk of having their accounts at other websites hijacked.

Unfortunately, for some users, Have I been pwned? noted that:

"Although imgur stored passwords as SHA-256 hashes, the data in the breach contained plain text passwords suggesting that many of the original hashes had been cracked."

Investigations into how the breach took place are ongoing but the company plans to disclose the incident to all relevant government agencies in addition to law enforcement and the state's attorney general. However, Imgur has advised that it had rolled over to using bcrypt for password hashing in 2016 which should provide a more robust defense from that point in time onwards.

Posted:
Related Forum: PC General Forum

Source: https://www.neowin.net/news/17-million-account-credentials-stolen-from-imgur-in-2014

Comments

"1.7 million account credentials stolen from Imgur in 2014" :: Login/Create an Account :: 4 comments

If you would like to post a comment please signin to your account or register for an account.

SagePosted:

Famous Hahaha 3 years later they caught it. I don't see anything bad from this really it's simple picture but I can see some accounts more have pictures that can't be shared but the percent has to be low.


I mean out of 1.7 mil someone has to have some super secret unlisted pictures like the fappening albums.

TuskPosted:

Wow this is incredible how did they not catch them? lol

TOXICPosted:

Well took them long enough lol.

FamousPosted:

Hahaha 3 years later they caught it. I don't see anything bad from this really it's simple picture but I can see some accounts more have pictures that can't be shared but the percent has to be low.