/

What happened in the Imgur data breach?

What happened in the Imgur data breach?

Twingate Team

May 13, 2024

In 2014, the online image sharing platform Imgur experienced a data breach that went undiscovered until November 2017. The breach involved unauthorized access to user email addresses and passwords. At the time, Imgur was using the SHA-256 hashing algorithm for encrypting passwords, which is considered weaker than the bcrypt algorithm that the company adopted in 2016. The breach was brought to light by security researcher Troy Hunt, and Imgur has since been praised for its swift response to the incident.

How many accounts were compromised?

The breach impacted data related to approximately 1.75 million users.

What data was leaked?

The data exposed in the breach included email addresses and passwords of Imgur users.

How was Imgur hacked?

It was discovered in November 2017 by security researcher Troy Hunt. The breach exposed email addresses and passwords, with the latter appearing in plain text, suggesting successful cracking of the original SHA-256 hashes. Imgur has not confirmed the exact method of the breach but suggests that hackers may have used a brute force attack to decrypt the stolen credentials, as the company was using an older hashing algorithm at the time.

Imgur's solution

In response to the data breach, Imgur took several measures to enhance its security and prevent future hacking incidents. The company updated its password encryption algorithm to bcrypt in 2016, which is more secure than the SHA-256 algorithm used at the time of the breach. Imgur also collaborated with cybersecurity experts, such as Troy Hunt, to investigate the breach and determine how the account information was compromised. Additionally, Imgur promptly notified affected users via email and required them to update their passwords as a precautionary measure.

How do I know if I was affected?

Imgur notified affected users about the breach and required them to update their passwords. If you were an Imgur user during the time of the breach and did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For specific advice on Imgur's data breach, contact Imgur's support directly.

Where can I go to learn more?

For more information on the Imgur data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

What happened in the Imgur data breach?

What happened in the Imgur data breach?

Twingate Team

May 13, 2024

In 2014, the online image sharing platform Imgur experienced a data breach that went undiscovered until November 2017. The breach involved unauthorized access to user email addresses and passwords. At the time, Imgur was using the SHA-256 hashing algorithm for encrypting passwords, which is considered weaker than the bcrypt algorithm that the company adopted in 2016. The breach was brought to light by security researcher Troy Hunt, and Imgur has since been praised for its swift response to the incident.

How many accounts were compromised?

The breach impacted data related to approximately 1.75 million users.

What data was leaked?

The data exposed in the breach included email addresses and passwords of Imgur users.

How was Imgur hacked?

It was discovered in November 2017 by security researcher Troy Hunt. The breach exposed email addresses and passwords, with the latter appearing in plain text, suggesting successful cracking of the original SHA-256 hashes. Imgur has not confirmed the exact method of the breach but suggests that hackers may have used a brute force attack to decrypt the stolen credentials, as the company was using an older hashing algorithm at the time.

Imgur's solution

In response to the data breach, Imgur took several measures to enhance its security and prevent future hacking incidents. The company updated its password encryption algorithm to bcrypt in 2016, which is more secure than the SHA-256 algorithm used at the time of the breach. Imgur also collaborated with cybersecurity experts, such as Troy Hunt, to investigate the breach and determine how the account information was compromised. Additionally, Imgur promptly notified affected users via email and required them to update their passwords as a precautionary measure.

How do I know if I was affected?

Imgur notified affected users about the breach and required them to update their passwords. If you were an Imgur user during the time of the breach and did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For specific advice on Imgur's data breach, contact Imgur's support directly.

Where can I go to learn more?

For more information on the Imgur data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

What happened in the Imgur data breach?

Twingate Team

May 13, 2024

In 2014, the online image sharing platform Imgur experienced a data breach that went undiscovered until November 2017. The breach involved unauthorized access to user email addresses and passwords. At the time, Imgur was using the SHA-256 hashing algorithm for encrypting passwords, which is considered weaker than the bcrypt algorithm that the company adopted in 2016. The breach was brought to light by security researcher Troy Hunt, and Imgur has since been praised for its swift response to the incident.

How many accounts were compromised?

The breach impacted data related to approximately 1.75 million users.

What data was leaked?

The data exposed in the breach included email addresses and passwords of Imgur users.

How was Imgur hacked?

It was discovered in November 2017 by security researcher Troy Hunt. The breach exposed email addresses and passwords, with the latter appearing in plain text, suggesting successful cracking of the original SHA-256 hashes. Imgur has not confirmed the exact method of the breach but suggests that hackers may have used a brute force attack to decrypt the stolen credentials, as the company was using an older hashing algorithm at the time.

Imgur's solution

In response to the data breach, Imgur took several measures to enhance its security and prevent future hacking incidents. The company updated its password encryption algorithm to bcrypt in 2016, which is more secure than the SHA-256 algorithm used at the time of the breach. Imgur also collaborated with cybersecurity experts, such as Troy Hunt, to investigate the breach and determine how the account information was compromised. Additionally, Imgur promptly notified affected users via email and required them to update their passwords as a precautionary measure.

How do I know if I was affected?

Imgur notified affected users about the breach and required them to update their passwords. If you were an Imgur user during the time of the breach and did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For specific advice on Imgur's data breach, contact Imgur's support directly.

Where can I go to learn more?

For more information on the Imgur data breach, check out the following news articles: