Image Sharing Site Imgur Hacked In 2014 - 1.7 Million Records Exposed

Posted on December 4, 2017 by Admin

Uber isn’t the only company recently announcing a data breach that occurred long ago. News of the popular image-sharing site, Imgur made it out just after Uber admitted it concealed a breach of 57 million records. Imgur suffered a breach as well…back in 2014. The company was just made aware of it recently by Troy Hunt, who runs the data breach service Have I Been Pwned. Information exposed in the incident included poorly secured passwords.

To its credit, the company started reacting immediately after it was informed of this tidbit of information. It has forced password resets for the 1.7 million users it believes were affected. However, all users are urged to change passwords regardless of whether or not they received the notice from Imgur.

When choosing passwords, use something unique to that site. It should have at least eight characters, include numbers and special characters, and have both upper and lower case letters.

In addition, if multi-factor authentication (MFA) is available, activate it. This will keep others from logging into the account with merely a password. In order to have access, a separate task will need to be completed, such as entering a one-time randomly generated code that is emailed or sent via text.

Email addresses were also accessed in this breach. Therefore, as is usual practice after email addresses are stolen, Imgur users should be aware of phishing email messages regarding account verification or other Imgur-related details. To verify any personal information, just log into your account independently rather than click a link or attachment.

Imgur does not believe that anything malicious has occurred as a result of this, but since it did happen several years ago, there is really no way to know for certain. What has been determined is that the email addresses in this incident were found on the Troy Hunt’s website to the tune of 60% of them.

Imgur has also since made the password encryption more secure. But if you use the same username and password combination for any other website, be sure to change those passwords too.

Posted in Cybersecurity, Social Engineering