After Uber, Imgur reveals 2014 data breach impacting 1.7 million user accounts

Imgur says no personally-identifying information such as real names or phone numbers was compromised.

  • Updated: November 26, 2017 3:18 PM IST

The cyberspace is getting uglier with one more technology giant reporting a security breach. Imgur, which is a hub for viral images on the internet, has come out with a notice about a data breach that occurred back in 2014 and impacted nearly 1.7 million user accounts.

Imgur went public with the information within a span of 24 hours after a security researcher identifying the breach from three years ago. Acknowledging the breach, the company wrote, “While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.”

What comes as a relief is that in the said breach, no personally-identifying information (PII) such as mobile numbers or real numbers was compromised. However, the breach of email addresses and passwords in itself is huge damage to contain as a lot of users put the same email addresses across services and websites, and that often includes bank accounts which are linked to the addresses.

Imgur revealed that on November 24, 2017, it confirmed the breach of 1.7 million Imgur user accounts and the same day, it started “notifying impacted users via their registered email address. We are immediately requiring that these users update their password. We also published this public disclosure at 4PM PST.”

The company says that while it is still investigating how the breach happened in the first place, it believes the “database may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time.” Imgur updated its algorithm to the new bcrypt algorithm last year.

Users are further advised to use a different combination of email and password for every site and application. One should also use strong passwords and update them frequently.

Imgur’s prompt acknowledgment of the breach is a stark contrast to Uber which deliberately hid the massive breach that compromised details of nearly 57 million customers and drivers. The taxi aggregator received the information about the breach a month after it was conducted in 2016, but it chose to hide the matter by allegedly paying hackers ransom of about $100,000 to delete the stolen data. Uber is likely to face investigation for its actions in the US.

  • Published Date: November 26, 2017 3:11 PM IST
  • Updated Date: November 26, 2017 3:18 PM IST