Imgur confirms that its website was hacked in 2014

It’s one of the most popular websites in the world, and now it seems that Imgur has suffered a major data breach.  

The image-sharing website has confirmed its website was hacked in 2014, during which time hackers stole 1.7 million email addresses and passwords.

Imgur has notified impacted users, and has recommended that they update their passwords.

 



On November 23, an email was sent to Imgur by Troy Hunt, a security researcher who runs the website Have I Been Pwned, who had been sent information of Imgur users.

Speaking to ZDNet, Mr Hunt said: ‘I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays.

‘That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.’

Imgur’s Chief Operating Officer, Roy Sehgal, has now posted a blog on Imgur’s website, explaining what happened.

Mr Sehgal wrote: ‘Early morning on November 24th, we confirmed that approximately 1.7 million Imgur user accounts were compromised in 2014.

‘The compromised account information included only email addresses and passwords.’ 

Because Imgur does not ask users for real names, addresses or phone numbers, Mr Sehgal explained that the information that was compromised did not include personally-identifying information.

While Imgur is still investigating how the hack happened, Mr Sehgal suggests that hackers may have managed to bypass its encryption system.

He said: ‘We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time.’


Thankfully, Imgur updated its algorithm last year to a more secure one called bcrypt.

Imgur has informed people if they have been affected, and suggests that those users should update their passwords.

Mr Sehgal added: ‘While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.’

GOOD PASSWORDS TO USE 

Experts now believe long passwords that contain perhaps four words are much harder to break than shorter ones with a mix of letters, characters and numbers.

Long passphrases work better because their length makes them hard to break while they remain easy to remember.

Although people might think their choice of password is original, they usually end up using the same combinations time and again – things like Pa$w0rd or Monkey1!.

Changing a password frequently does not help because, when most people change their password, they make minor tweaks such as replacing the number 1 with a number 2.

These small changes are called ‘transformations’ and hackers are very aware of them and build them into their scripts.

The new advice is to use long but easy-to-remember ‘passphrases’ that do not need to feature special characters or numbers.
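The ‘transformations’ described above can also be checked for when a user picks a new password. The following is an added example, not part of the original article; the word list, the substitution table and the function names are constructed assumptions:

```python
import re

# Constructed sample list; a real deployment would load a large breached-password corpus.
COMMON_BASES = ("password", "monkey", "qwerty", "dragon", "letmein")

# Look-alike substitutions mapped back to letters (simplified: "1" and "!" are read as "i").
LOOKALIKES = str.maketrans({"$": "s", "5": "s", "0": "o", "@": "a", "4": "a",
                            "3": "e", "7": "t", "1": "i", "!": "i"})


def skeleton(password: str) -> str:
    """Reduce a password to the base word that survives common transformations."""
    s = password.lower()
    s = re.sub(r"[\d!?.#*_\-]+$", "", s)   # drop a trailing counter or symbol suffix
    s = s.translate(LOOKALIKES)             # undo look-alike substitutions
    s = re.sub(r"[^a-z]", "", s)            # ignore spaces and leftover symbols
    return re.sub(r"(.)\1+", r"\1", s)      # collapse doubled letters ("ss" -> "s")


def is_minor_tweak(old: str, new: str) -> bool:
    """True when the new password is the old one with a predictable transformation."""
    base = skeleton(old)
    if not base:                            # no letters at all: only an exact repeat counts
        return old == new
    return base == skeleton(new)


def common_base(password: str):
    """Return the common word a password is built on, or None if there is none."""
    skel = skeleton(password)
    for word in COMMON_BASES:
        if skel == skeleton(word):
            return word
    return None


if __name__ == "__main__":
    for candidate in ("Pa$w0rd", "Monkey1!", "correct horse battery staple"):
        print(candidate, "->", common_base(candidate))
    print("Monkey1! -> Monkey2! is a minor tweak:", is_minor_tweak("Monkey1!", "Monkey2!"))
```

A check like `is_minor_tweak` can only run at the moment of a password change, when the user has just typed the current password, because a site that hashes passwords does not hold the old one in readable form.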

Read more at DailyMail.co.uk