[BreachExchange] Image-sharing site Imgur was hacked in 2014

Inga Goddijn inga at riskbasedsecurity.com
Mon Nov 27 09:33:42 EST 2017


https://www.engadget.com/2017/11/24/imgur-hack/

Imgur, a popular picture-sharing site, revealed today that it suffered a
data breach in 2014, claiming it was just notified of it on November 23rd.
In a blog post, Imgur said hackers stole email addresses and passwords of
1.7 million user accounts -- a small fraction of its 150 million total
users. No other personal information was allegedly exposed, since Imgur
says it has never asked for people's real names, addresses or phone numbers.

The company added that while it's still investigating how the information
was compromised, it suspects it was due to an older hashing algorithm,
SHA-256, which has since been updated. As ZDNet reports, Imgur didn't find
out about the breach until the stolen data was sent to security researcher
Troy Hunt, who then contacted the firm about it.

Roy Sehgal, Imgur's chief operating officer, said those who have been
affected have already been informed. "We take protection of your
information very seriously," he wrote, "and will be conducting an internal
security review of our system and processes." Hopefully his team can figure
out how this incident went unnoticed for roughly three years.

Imgur
✔@imgur

On November 23, we were notified about a data breach on Imgur that occurred
in 2014. While we are still actively investigating the intrusion, we wanted
to inform you as quickly as possible as to what we know and what we are
doing in response. More: http://blog.imgur.com/?p=12005

6:01 PM - Nov 24, 2017
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171127/37474158/attachment.html>


More information about the BreachExchange mailing list