Nov 27, 2017

Imgur breach revealed 1.7 million passwords in 2014

Shannon Vavra

Tierra Smith, 15, types on her computer while taking a diagnostic test at the Washington Leadership Academy. Photo: Jacquelyn Martin / AP

Imgur revealed last Friday that it had been breached in 2014, revealing emails and passwords of about 1.7 million user accounts. The image-hosting web site was made aware of the breach Nov. 23 when researcher Troy Hunt, of "Have I Been Pwned," approached them with his suspicions of the breach since he had been emailed data with what he believed were links to Imgur user accounts.

Why it matters: When users create accounts online, they risk their information or passwords getting exposed. Using a combination of multiple emails and passwords for every site could be a good bet against how vulnerable breaches will actually make users' other accounts, per Imgur.

This pales in comparison to the Yahoo breaches of 2013 and 2014, one of which affected all 3 billion user accounts, and it also represents just a small portion of Imgur's user base of about 150 million monthly users, per ZDNet.
Imgur did not say how the breach happened, but said it was using an older algorithm to encrypt passwords in its database in 2014. It upgraded last year to a more secure algorithm.
The company emphasized in its blog post that no personally identifying information was at risk. 60% of the account information in the data sent to Hunt was already in his database.
Imgur plans to disclose the breach to California's state attorney general, law enforcement, and other government agencies, per ZDNet.

Add Axios on Google

Imgur breach revealed 1.7 million passwords in 2014

What to read next