The image sharing website Imgur is a fascinating place that contains its own ecosystem similar to that of Reddit, but that ecosystem suffered a bit of a shock at the weekend.
The website’s chief operating officer Roy Sehgal explained in a blog that Imgur had suffered a security breach in 2014 that affected some 1.7 million users.
The data breach was discovered by none other than security researcher and creator of HaveIBeenPwned.com, Troy Hunt. The researcher and Sehgal worked together to determine the whether the data related to Imgur users.
I want to recognise @imgur's exemplary handling of this: that's 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure. Kudos! https://t.co/jV8MDscXLT
— Troy Hunt (@troyhunt) November 25, 2017
It was discovered that the data was compromised in 2014 and included email addresses and passwords secured with SHA-256. Users that had an account on Imgur in 2014 should update their passwords because SHA-256 encryption is known to be rather susceptible to brute-force attacks.
“We are still investigating how the account information was compromised,” said Sehgal in a statement.
Users who have questions about the breach can contact Imgur support but, in the interim, update your passwords.
“We take protection of your information very seriously and will be conducting an internal security review of our system and processes. We apologize that this breach occurred and the inconvenience it has caused you,” concluded the Imgur COO.