Famous image hosting website Imgur has pronounced on Friday that cyberpunks stole usernames and passwords of 1.7 million users in an attempt. The breach dates back to 2014 when Imgur yet encoded the stored passwords with the SHA-256 algorithm, which has since been set up too weak to resist instinctive forcing. The company ensured to annotation that the conceded account information contained within only email addresses and passwords, as they’ve certainly not asked for users’ real names, addresses, phone numbers, or any other personally-identifying information.
“On the afternoon of November 23rd, an email was sent to Imgur by a security researcher who frequently deals with data breaches. He believed he was sent data that included information of Imgur users,” Roy Sehgal, Imgur’s Chief Operating Officer, explained.
Regardless of being a blessing in the US, where the company is situated, they rapidly started an inquiry to confirm that the data Hunt sent them to be in the right place to Imgur users and when they recognized that it ensures, they initiated informing affected users via their listed email address the next day.
“We take protection of your information very seriously and will be conducting an internal security review of our system and processes. We apologize that this breach occurred and the inconvenience it has caused you,” Sehgal concluded.
Hunt has admired Imgur’s rapid response and supervision of the revelation of the breach, even though some users will confidently be annoyed by the circumstance that the breach occurred and they certainly not observed. Regrettably, data breaches similar to this one have come to be the new normal.
Imgur says they’ve changed to struggling user passwords with the bcrypt previous year. And, rendering to Hunt, sixty percent of the hacked email addresses were previously in Have I Been Pwned’s database i.e. they’ve so far cooperated in earlier breaches.