Hackers stole data from 1.7m Imgur users

By

Breach went unnoticed for three years.

The email addresses and scrambled passwords of 1.7 million accounts on popular image sharing site Imgur were stolen by attackers in 2014.

Hackers stole data from 1.7m Imgur users

The company today revealed it had been notified of the three-year old breach on November 23 when security expert Troy Hunt alerted Imgur after being sent the stolen data.

Imgur said it was still actively investigating what had happened, but it has started resetting the passwords of affected accounts and has publicly and privately notified users of the incident.

Chief operating officer Roy Sehgal said the site had upgraded its security since the breach - moving from SHA-256 to the bcrypt password scrambler last year - but advised anyone who had used their Imgur email address and password combination on other sites to change those details.

"We take protection of your information very seriously and will be conducting an internal security review of our system and processes," Sehgal said.

"We apologise that this breach occurred and the inconvenience it has caused you."

Imgur said the breach did not include any personal data; it does not require users to hand over their names, physical addresses or phone numbers.

The company has 150 million monthly users.

Hunt praised Imgur for its quick action in response to the breach notification.

"That's 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos!" Hunt said on Twitter.

"This is really where we're at now: people recognise that data breaches are the new normal and they're judging organisations not on the fact that they've had one, but on how they've handled it when its happened."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?