Imgur confirms security breach 1.7 billion login details

Imgur security breach user in 2014, you strength want to consider editing your password 27th  November 2017. The photo-sharing site revealed (via Engadget) that it learned of a security breach in 2014 that discredited the e-mail addresses and passwords of around 1.7 million users.

Imgur Chief Operating Officer, Roy Sehgal, announced that the breach befell in 2014. Sehgal explains that Imgur does not collect names, addresses, or phone numbers from its users and that only user e-mails and password information was leaked. According to ZDNet, Troy Hunt, who runs the information service Have I Been Pwned, got the data, and adapted over the data to Imgur.

The company announces that it’s still investigating the incident, but that it believes that hackers cracked the older algorithm that was used at the time with brute force. The company upgraded its encryption in 2016.

Company response:

“We take the protection of your information very seriously and will be conducting an internal security review of our system and processes. We apologize that this breach occurred and the inconvenience it has caused you,” Sehgal concluded.

Hunt has recommended Imgur’s swift reaction and handling of the disclosure of the breach, although some users will surely be miffed by the fact that the breach happened and they never noticed.

Unfortunately, data breaches like this one have become the new normal. Imgur says they’ve switched to scrambling user passwords with bcrypt last year. And, according to Hunt, 60% of the leaked email addresses were already in Have I Been Pwned’s database.

8 thoughts on “Imgur confirms security breach 1.7 billion login details”

Leave a Reply

Your email address will not be published. Required fields are marked *