1.7 million accounts hacked in 2014 Imgur data breach
Good Guy Greg, Scumbag Steve, and their fellow meme friends had better shore up their online security.
On Friday, photo sharing community Imgur broke the news that the company was the target of a security breach in 2014. According to a company blog post, the data breach gained access to the email addresses and passwords of 1.7 million Imgur users.
Imgur first learned of the breach at 4 p.m. PST on Thanksgiving day. Troy Hunt who runs the data breach notification service Have I Been Pwned? notified Imgur when he received the data in the form of stolen usernames and passwords, according to ZDNet.
Hunt has since praised Imgur for swiftly taking action. Which means Imgur CEO Alan Schaaf and COO Roy Sehgal definitely did not get to enjoy their turkey.
Sehgal wrote in the company blog post that Imgur is still investigating how the hackers gained access to the site. However, at this time, they suspect that passwords were "cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time." Imgur updated their encryption in 2016, two years after the hack.
They're advising users to change their passwords, while still noting that Imgur's policy of never asking for real identifying information means names and other "personally-identifying information" (PII) have not been exposed. To which some Imgur users are responding: