Another day, another data breach.
This time Imgur, an online image sharing community and image host, was the victim along with more than one million of its users.
According to an Imgur blog post, it just discovered a security breach that occurred in 2014, impacting the e-mail addresses and passwords of 1.7 million accounts.
Real names, addresses, phone numbers and other personally-identifying information are not required to register with Imgur, so no other personal data was compromised.
“We are still investigating how the account information was compromised,”chief operating officer Roy Sehgal said. “We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. We updated our algorithm to the new bcrypt algorithm last year.”
Imgur has been sending out e-mail notifications to users asking them to immediately update their password.
“We recommend that you use a different combination of e-mail and password for every site and application,” Sehgal added. “Please always use strong passwords and update them frequently.”
Imgur said it first became aware of the breach Nov. 23 after receiving an e-mail from a security researcher who was sent data that included the information of Imgur users. Once Imgur verified that the data did indeed belong to its users, it launched an investigation into the breach.
“We take protection of your information very seriously and will be conducting an internal security review of our system and processes,” Sehgal said. “We apologize that this breach occurred and the inconvenience it has caused you.”