Back in 2014 Imgur was hacked and one of the scariest parts of this hack was that it had no idea the breach had occurred until this month. The hack resulted in the usernames and passwords of 1.7 million accounts being stolen. Another troubling thing about the hacks is Imgur has no idea how exactly the hackers gained access.
Imgur wrote, “We are still investigating how the account information was compromised. We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year.”
Imgur says that it asks for no personally identifiable information to open an account. The users affected by the branch have been contacted on the email addresses that they used when registering. Those users are being required to change their passwords.
The security researcher who discovered the breach is Troy Hunt and he was given a list of the stolen account details by an unnamed source reports PCMag. Hunt told ZDNet, “I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays. That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.”