Nov 27, 2017

Imgur breach revealed 1.7 million passwords in 2014

Tierra Smith, 15, types on her computer while taking a diagnostic test at the Washington Leadership Academy. Photo: Jacquelyn Martin / AP

Imgur revealed last Friday that it had been breached in 2014, revealing emails and passwords of about 1.7 million user accounts. The image-hosting web site was made aware of the breach Nov. 23 when researcher Troy Hunt, of "Have I Been Pwned," approached them with his suspicions of the breach since he had been emailed data with what he believed were links to Imgur user accounts.

Why it matters: When users create accounts online, they risk their information or passwords getting exposed. Using a combination of multiple emails and passwords for every site could be a good bet against how vulnerable breaches will actually make users' other accounts, per Imgur.

  • This pales in comparison to the Yahoo breaches of 2013 and 2014, one of which affected all 3 billion user accounts, and it also represents just a small portion of Imgur's user base of about 150 million monthly users, per ZDNet.
  • Imgur did not say how the breach happened, but said it was using an older algorithm to encrypt passwords in its database in 2014. It upgraded last year to a more secure algorithm.
  • The company emphasized in its blog post that no personally identifying information was at risk. 60% of the account information in the data sent to Hunt was already in his database.
  • Imgur plans to disclose the breach to California's state attorney general, law enforcement, and other government agencies, per ZDNet.
Go deeper