The popular photo-sharing site Imgur was a victim of a data breach in 2014 that saw 1.7 million email addresses and passwords. The site put out a blog post on November 24th, 2017 notifying its users of the breach after its password algorithm was cracked.
Imgur was notified by Troy Hunt, who runs the data breach notification site Have I Been Pwned. Hunt notified the photo sharing site on Thursday, November 23rd after he was sent data that included the Imgur users.
Imgur’s CEO and its Vice President of Engineering, who securely received the data in order to verify that it was indeed from their users. Imgur did verify that the stolen data does not include information such as real names, addresses, or phone numbers, as the site doesn’t ask its users for such information.
The incident is still under investigation and Imgur CEO Roy Sehgal said that attackers likely cracked the site’s password encryption through “brute force”, due to an older algorithm. The algorithm has since been replaced and updated.
Imgur encourages users to make sure that they are using different password and username combinations on each of their online accounts. Also, it’s a good idea to reset your passwords for each account as well.
In the wake of recent data breaches and ransomware attacks, there are a few things to keep in mind to protect your data, both online and offline:
- Stay up to date on software patches
- Use a different password for each online account and don’t make any of them the same
- Encrypt sensitive files
- Back up your files
Cybersecurity is a big deal and a big job. But it is never foolproof. You have to stay vigilant and uncompromising in your security measures. Don’t let hackers take what you’ve worked so hard to build.
Author: Aaron White, Date: 30th November 2017