
1.7m Imgur Accounts Hit in 2014 Data Breach

December 5, 2017

Imgur, the image hosting website, last week notified its userbase of a data breach from 2014 that has recently been discovered. Some 1.7 million people were affected. That might be small compared to the massive hacks we have seen recently, but such incidents still need to be treated seriously.


What and when

Imgur were seemingly totally unaware of the data breach until last month, when they were notified by Troy Hunt, who runs a website that helps people find out whether their data has been stolen. He showed the company a database from 2014 that had come to his attention.

Imgur said:

“On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.”

The company doesn’t collect much personal data from its users; all that was stolen was email addresses and passwords. People who follow good password practice and used a unique password should be clear of any further damage. But we know that’s not always the case: some people will have had a password they use regularly exposed for potentially three years.

How the attack happened

Imgur were totally unaware of this breach until recently, which is of course worrying. The investigation into how the attack happened is still under way, but Imgur said that its older password hashing might not have been strong enough to protect the passwords it stored. The company said:

“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year.”
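One common way to carry out the kind of move described in that statement, from a fast hash to a slow, salted one, is to re-hash each password at the next successful login, since that is the only moment the plaintext is available. The following is an added example, not Imgur's code: it assumes legacy records are plain SHA-256 digests (the page does not say whether they were salted), uses PBKDF2 from the Python standard library as a stand-in for bcrypt, and its record formats and function names are made up for the illustration.

```python
import hashlib
import hmac
import os

# Assumed record formats (constructed for this example, not Imgur's schema):
#   legacy:  "sha256$<hex digest>"
#   current: "pbkdf2$<iterations>$<salt hex>$<derived key hex>"
ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


def hash_password(password, iterations=ITERATIONS):
    """Derive a salted, deliberately slow hash for storage."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def _check(password, stored):
    """Verify a password against either record format in constant time."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha256":
        # One fast hash per guess: this is what makes brute force cheap.
        candidate = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(candidate.encode(), rest.encode())
    if scheme == "pbkdf2":
        try:
            iters, salt_hex, dk_hex = rest.split("$")
            expected = bytes.fromhex(dk_hex)
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
        except ValueError:  # malformed record: reject rather than crash
            return False
        return hmac.compare_digest(dk, expected)
    return False


def needs_upgrade(stored, iterations=ITERATIONS):
    """True for legacy records and for records below the current work factor."""
    parts = stored.split("$")
    return parts[0] != "pbkdf2" or int(parts[1]) < iterations


def login(password, stored, iterations=ITERATIONS):
    """Return (ok, record_to_store); a weak record is re-hashed on success."""
    if not _check(password, stored):
        return False, stored
    if needs_upgrade(stored, iterations):
        return True, hash_password(password, iterations)
    return True, stored
```

Accounts that never log in again keep their legacy record, which is why a forced password change, as Imgur applied to affected users, is still needed after a breach.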

Key takeaways

This is another hack that has shown the difficulty many companies have in just knowing whether they have been hit. Good cyber security is not just about building strong ring fences around your data or quickly responding to attacks; it’s also about having good intelligence and knowledge about everything that is going on within your organization.

But Imgur have handled the incident well since its discovery. That should be a minimum requirement of companies, yet we have recently seen many fail to disclose breaches promptly. As soon as Imgur discovered the incident, its response was rapid. The next day the company started informing all affected customers of the incident and forcing password changes.

Big and small, data breaches are far too common in the business world today, and organizations need to start taking the proper precautions to turn the tide. Find out here what Global Data Sentinel could do for your organization’s cyber security efforts.