The Daily Swig Web security digest

In the frame: Hackers capture 1.7m Imgur account details

James Walker | 27 November 2017 at 12:12

Image-sharing website ‘actively investigating’ incident from 2014.

One of the world’s biggest image-sharing websites, Imgur, has alerted its users to a historic security breach that resulted in the email addresses and passwords of 1.7 million accounts being compromised.

In a message to account holders on Friday, Imgur’s chief operating officer Roy Sehgal said the company was notified of a potential breach on November 23. After reviewing the data, the COO confirmed that a hack had taken place in 2014.

“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” Sehgal explained. “We updated our algorithm to the new bcrypt algorithm last year.”

Fortunately, as with Imgur’s longstanding internet stablemate, Reddit, the image-sharing website does not ask for real names, addresses, phone numbers, or other personally identifiable information in its sign-up process.

However, in an effort to avoid the possibility of hackers cross-referencing Imgur email and password combinations with other sites, Sehgal urged users to update their account information and avoid repeating these details across different online properties.

“While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response,” he stated.

“We recommend that you use a different combination of email and password for every site and application. Please always use strong passwords and update them frequently.”

Imgur was alerted to the breach by Troy Hunt, who – in light of the sluggish communication methods demonstrated by the likes of Equifax, Uber, and many others this year – praised the company for its swift disclosure response.

“We take protection of your information very seriously and will be conducting an internal security review of our system and processes,” Sehgal said. “We apologize that this breach occurred and the inconvenience it has caused.”

Launched in 2009 by Ohio native Alan Schaaf, Imgur has grown to become one of the world’s largest online image-sharing communities. Functioning as both a meme repository and personal image gallery, the Alexa Top 50 site passed the 100 million unique monthly user mark in 2013.