Imgur Photo sharing site Imgur has admitted a massive breach of users’ data
Imgur said the hackers did not obtain other personal details such as real names or phone numbers because the site does not ask for them when people open an account.
The hack went unnoticed for nearly four years until the stolen date was sent to Troy Hunt, reports ZDNet.
// It can be interesting – Download metal albums, torrent music, online library of metal and rock music //
He emailed Imgur last Thursday – when most US offices were closed for Thanksgiving.
The next day Imgur began asking affected users to reset their passwords and published a warning on its website.
Troy, who runs data breach notification service Have I Been Pwned, said: “That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.”
The 1.7million swiped accounts are only a fraction of Imgur’s 150million monthly users.
Imgur’s chief operating officer Roy Sehgal said the company was “still investigating” how the account data was compromised, and added security had improved since the breach.
The login details were scrambled in the company’s database with the SHA-256 algorithm, which could have been cracked. It has since been replaced with the stronger password protector Bcrypt.
Anyone who uses the same email address and password combination on other sites should change them immediately, the firm said.
Last week it was revealed Uber paid hackers £75,000 “hush money” to cover up an astonishing data breach affecting 57million customers in 2016.
