Imgur has announced that it became the victim of a hacking attempt all the way back in 2014. The popular image-sharing site says it found out about this on November 23 and has been in damage control mode since then.
Over 1.7 million users have been affected by the breach. Imgur says only their email addresses and passwords have gotten stolen since the website doesn’t ask for personal information likes names, phone numbers, and addresses. Still, just having a person’s email ID and password is enough to hack accounts on other sites if they’re the type to repeat the same credentials.
Imgur is thus asking people in general to utilize a different email + password combo for all sites and apps, recommending that they formulate strong passwords and update them often. As for the individuals whose information was actually taken, the company is notifying them through an email and urging them to change their passcode.
This entire nightmare began when a security researcher specializing in data breaches sent Imgur an email. He had apparently received data which included information about the brand’s base. The site then went about informing upper-level executives and validating the data really did belong to its users.
We know the answer to that is a resounding yes now, so the only mystery left to solve is how Imgur got hacked in the first place. The company’s still in the middle of investigating this, but it seems the website’s database got cracked through brute force techniques.
This was only possible because of the old algorithm it used to employ in 2014. It’s since switched over to the new bcrypt algorithm.