Imgur, one of the world’s largest image-sharing communities, has confirmed that a data breach that occurred in 2014 leaked the email addresses and passwords of more than 1.7 million of its users. The company also added in its statement that the data leak occurred due to a scrambled SHA-256 algorithm, which has since been completely replaced.
Note: Since 2016, Imgur has been using the bcrypt (Blowfish cipher) algorithm.
Imgur’s CEO has notified all users of the image hosting service that no personal information was leaked in the incident, because the site has never asked for real names, addresses or phone numbers.
Technically, the stolen account information represents a fraction of Imgur’s 150 million monthly users.
As per the details available to our Cybersecurity Insiders, the hack went unnoticed for 4 years, until security researcher Troy Hunt informed Imgur that he had details of stolen information belonging to Imgur users. The researcher, who owns “Have I Been Pwned”, immediately informed Imgur about the issue on Thursday, Thanksgiving Day. But as it was a national holiday, the CEO of Imgur reacted to the email late on Friday. He immediately informed all senior members of the management and made the issue public.
The company is still investigating the cause of the hack and believes that it could be a result of an older algorithm that was in use at that time.
Troy Hunt has announced that over 60% of the email addresses had already been in the “Have I Been Pwned” database for more than a year.
Note: The Have I Been Pwned database currently hosts more than 4.8 billion records.