If you were an Imgur user in 2014, you might want to consider changing your password. Yesterday, the photo-sharing site revealed (via Engadget) that it learned of a security breach in 2014 that compromised the e-mail addresses and passwords of approximately 1.7 million users.

Imgur’s Chief Operating Officer, Roy Sehgal, confirmed that the breach occurred in 2014. Sehgal explains that Imgur doesn’t collect names, addresses, or phone numbers from its users, and that only user e-mails and password information was leaked. According to ZDNet, Troy Hunt, who runs the notification service Have I Been Pwned, obtained the data, and turned over the information to Imgur.

The company says that it’s still investigating the incident, but that it believes that hackers cracked the older algorithm that was used at the time with brute force. The company upgraded its encryption in 2016.