1.7m Imgur accounts compromised after 2014 data breach

Usernames and passwords stolen by hackers

Picture hosting site Imgur has confirmed that 1.7 million user credentials were stolen as part of a hack that took place in 2014.

The attackers made off with email addresses and passwords, but the company stated that no other data was included in the breach, as "Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information".

Advertisement - Article continues below

The company has already begun resetting the passwords of affected users and has released a public disclosure notice detailing the breach and Imgur's response to it.

"We are still investigating how the account information was compromised. We have always encrypted your password in our database," the company stated, "but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year."

Imgur, which has around 150 million monthly users, is one of the web's most widely-used picture hosting services, hosting images that are posted to internet message boards and social networks such as Reddit.

Imgur was alerted to the breach by Troy Hunt, the security researcher behind data breach cataloguing website Have I Been Pwned. He praised the company for its swift response to the incident after he told them on Thursday.

Advertisement - Article continues below
Advertisement - Article continues below

"I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays," Hunt told ZDNet. "That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary."

Hunt also said that more than half of the email addresses included in the incident had already appeared in Have I Been Pwned's database of previous breaches.

In addition to its users, the company said that it is planning to inform law enforcement agencies in its home state of California. "We take protection of your information very seriously and will be conducting an internal security review of our system and processes," Imgur said. "We apologize that this breach occurred and the inconvenience it has caused you."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020