Imgur, the popular image sharing service, confirms email addresses and passwords were stolen in a security breach occurred in 2014.

One day later, the company started resetting the passwords of affected accounts and published a data breach notice.

The company said that the stolen passwords were protected with the SHA-256 hashing algorithm that can be easily cracked using brute force attacks. “We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year.” continues the data breach notice. Imgur is investigating the incident, but it is still unclear how it is possible that the incident was revealed only three years later. Below the Troy Hunt’s comment about the incident handling procedure implemented by the company. “I want to recognise @imgur’s exemplary handling of this: that’s 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos!” Hunt tweeted. “This is really where we’re at now: people recognise that data breaches are the new normal and they’re judging organizations not on the fact that they’ve had one, but on how they’ve handled it when it happened.” I want to recognise @imgur's exemplary handling of this: that's 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos! https://t.co/jV8MDscXLT — Troy Hunt (@troyhunt) November 25, 2017

According to Hunt, 60 percent of email addresses were already in Have I Been Pwned‘s database of more than 4.8 billion records.

Imgur users that want to check if their accounts have been exposed in the security breach can do it on the data breach notification service Have I Been Pwned that according to Hunt already includes 60 percent of email exposed in the hack.

Imgur is just the last notorious victim of a data breach, other companies revealed major security breaches they had suffered many years ago, including Uber, Yahoo, LinkedIn, and MySpace. Pierluigi Paganini (Security Affairs – data breach, Imgur)

Share this...

Linkedin Reddit Pinterest

Share On