Imgur confirms 1.7 million users hit by data breach

  • Published
Imgur website on a laptopImage source, Alamy

Image-sharing website Imgur has confirmed that the emails and passwords of 1.7 million users were compromised in 2014.

The data breach has only recently come to light after being discovered by security researcher Troy Hunt.

Mr Hunt said he was impressed with the company's swift response.

Imgur said in a statement that no other personal data had been taken as it did not collect information such as real names and phone numbers.

"We apologise that this breach occurred and the inconvenience it has caused you," wrote Roy Sehgal, Imgur's chief operating officer, in a blog post, external.

Mr Sehgal said Imgur was "still investigating" but its former encryption method - a hashing algorithm - may have been "cracked with brute force".

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Troy Hunt

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Troy Hunt

That algorithm had been replaced in 2016, he added.

"We recommend that you use a different combination of email and password for every site and application," he wrote.

"Please always use strong passwords and update them frequently."

Troy Hunt tweeted that Imgur had released a statement 25 hours after he had contacted the company.

"This is really where we're at now: people recognise that data breaches are the new normal and they're judging organisations not on the fact that they've had one but on how they've handled it when it's happened," he wrote.

This month it was revealed that ride-hailing app Uber had concealed a 2016 data breach affecting 57 million users and drivers.

It also admitted to paying the hackers $100,000 (£75,000) to delete the stolen data.

"None of this should have happened," said chief executive Dara Khosrowshahi.