Imgur confirms 1.7 million user credentials have been compromised

By Cal Jeffrey
Nov 27, 2017
  1. Imgur recently announced that 1.7 million user accounts might have been compromised. That may sound bad, but it’s not the worst of it. According to the information that the company received from a security researcher, the breach occurred in 2014, meaning affected users have been exposed for at least three years.

    Imgur’s Chief Operating Officer Roy Sehgal stated that he received an e-mail late Thanksgiving evening from an unnamed data breach expert informing him of a suspected intrusion that may have occurred back in 2014. The researcher said he had received information that contained what he believed were Imgur usernames and passwords.

    Sehgal immediately notified Imgur CEO Alan Schaaf and VP of Engineering Ron Benson of the news. Benson arranged to securely retrieve the suspected data so that he could validate that it was Imgur user credentials. After examination of the information, officials confirmed that close to 1.7 million Imgur user accounts were exposed and that the breach occurred in 2014.

    “The compromised account information included only email addresses and passwords. Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information (PII), so the information that was compromised did NOT include such PII.”

    The company is still investigating how the intrusion occurred. Sehgal suggested that attackers may have used brute force to crack the SHA-256 hashing algorithm that Imgur used for passwords back then. As of 2016, the company has been using the newer bcrypt algorithm to protect passwords.

    Imgur has already begun sending out e-mails to impacted users, informing them of the breach and advising them to change their passwords. It would also be prudent to change passwords on any accounts outside of Imgur where users may have used the same username/password combination.

     
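The switch from SHA-256 to bcrypt mentioned in the story, sketched as an added example (not Imgur's code and not part of the original article): a legacy record is verified once and then replaced with a salted, deliberately slow hash at the next successful login. Assumptions: legacy records are unsalted hex SHA-256, PBKDF2 from the Python standard library stands in for bcrypt, and the function names and record format are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # work factor; plays the role of bcrypt's cost parameter

def legacy_sha256(password):
    """Assumed legacy format: one unsalted SHA-256 pass, fast to guess against."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password, salt=None):
    """Salted, slow record: pbkdf2$<iterations>$<salt hex>$<digest hex>."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password, record):
    """Check a password against either record format using constant-time compares."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha256":
        return hmac.compare_digest(legacy_sha256(password), record)
    if scheme == "pbkdf2":
        iters, salt_hex, digest_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), digest_hex)
    return False

def login(store, user, password):
    """Authenticate, then upgrade a legacy record while the plaintext is available."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        store[user] = slow_hash(password)  # legacy hash is overwritten, not kept
    return True

if __name__ == "__main__":
    store = {"alice": legacy_sha256("hunter2")}  # constructed sample account
    print(login(store, "alice", "hunter2"), store["alice"].split("$")[0])
    print(login(store, "alice", "wrong-guess"))
```

Accounts that never log in again keep their legacy record under this scheme, so a forced password reset is still needed for them after a breach.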
  2. Squid Surprise

    Squid Surprise TS Evangelist Posts: 1,523   +690

    What are the odds that they really didn't know that their security was breached and that they just hoped no one would ever find out....

    Every company that has online login information should have someone (or many someones) responsible for checking the web to see if their databases have been compromised - it's really not that hard to have someone join a "quasi-legal" cracking site and be on the lookout for your companies' login/pw being dumped!
     
  3. MoeJoe

    MoeJoe TS Guru Posts: 707   +379

    L M A O at these widespread tech failures.
     
  4. senketsu

    senketsu TS Addict Posts: 248   +149

    I'm not in favor of ever increasing laws, but if people can't behave sometimes the gov't needs to do it. All data breaches should be required to be reported, publicly and to the individuals involved.
    @Squid Surprise is absolutely correct, companies, especially banks, do all they can to hide these breaches as knowledge of them damages their brand.
     
