Even though 2017 is ending, cybercriminals continue to attack major companies and websites. Recently, image-sharing site Imgur disclosed that it had been hacked in 2014 and lost the information of approximately 1.7 million user accounts to unidentified cybercriminals.
According to the company, this security breach is not a major concern, since the data of the accounts includes only email addresses and passwords. Imgur does not collect other sensitive information such as physical addresses, credit card information or phone numbers “so the information that was compromised did NOT include such PII.”
The company announced that it was “still actively investigating the incident” but stated that the database was hacked using brute force because of the older hashing algorithm (SHA-256) in use at the time.
In order to prevent future attacks, the company updated its database to use the bcrypt algorithm in 2016. This algorithm is significantly harder to break than the older one.
Imgur also recommends that its users update their passwords and has notified them about the incident back in 2014.
We recommend that you use a different combination of email and password for every site and application. Please always use strong passwords and update them frequently.
According to Gizmodo, consumers who use the same password on multiple websites, and also those who have uploaded sensitive information to Imgur, are strongly advised to change their passwords.
However, Imgur’s breach is much less devastating than other serious data breaches that happened recently. For instance, the Equifax data breach affected the personal data of over 145 million Americans, and a recent Uber hack ended with the company paying attackers $100,000.
The Imgur data breach was discovered by Troy Hunt, a web security expert who established the data breach service Have I Been Pwned?. According to the expert, more than half of the passwords and email addresses, approximately 60%, were already in his own database of over 4.8 billion breached accounts. In addition, the expert told ZDNet that he had been sent the stolen information by another source and informed Imgur. Shortly after the notice, the company publicized the data breach.
T. Hunt also told the site:
I disclosed this incident to Imgur late in the day in the midst of the U.S. Thanksgiving holidays. That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.