IMGUR Reveals Passwords and E-Mails Were Stolen in 2014 Hack

Popular image sharing social media platform IMGUR is revealing details about a security breach in 2014. This hack apparently resulted in user account information, passwords and e-mail addresses exposed. The revelation comes directly from the official IMGUR blog on Friday. According to the post, they were not aware of it either until being notified the day before by a security researcher.

E-mails and Passwords Stolen

An estimate of 1.7 million IMGUR user accounts from 2014 are compromised. Although it includes passwords, e-mail and account information, the company reveals these were the only information that are of concern. There is no risk of exposure of real names, addresses, phone numbers or other personal identifying information.

While details as to how the breach took place is scarce, their security officer believes that it must have been through brute force means. An older hashing algorithm (SHA-256) was in place at that time. They are now using bcrypt since 2016. IMGUR have been notifying users directly via their e-mail addresses, suggesting a password update. They highly recommend using a different combination of email and password for every site and application. Users who are using the same user/pass on IMGUR on their other service should change their password there as well. Especially if it is the same e-mail/passwords combination for online access to a bank account.