On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: https://t.co/qElAetGVIc
— Imgur (@imgur) November 25, 2017
ZDNet reports that Imgur was unaware of the hack until the stolen data was sent to security consultant Troy Hunt. Hunt then notified Imgur on Thanksgiving Day, when most businesses are closed. The next day, Imgur took steps to address the issue. Hunt then praised Imgur for its swift response to his news.
“I disclosed this incident to Imgur late in the day in the midst of the U.S. Thanksgiving holidays,” Hunt said. “That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.”
Imgur is still investigating the cause of the breach, but said it suspects it was due to weaknesses in an older algorithm, SHA-256, which has since been updated. In terms of personal information, the site noted that it does not request personal data such as a person’s full name or address, so the hackers were not able to obtain information beyond emails and passwords.
In his post addressing the issue, CEO Roy Sehgal said that the company had already informed those who were affected and advised all users to employ safe browsing principles such as creating strong unique passwords and updating them regularly. Sehgal went on to apologize for the breach and said his company was conducting a review of the situation.
“We take protection of your information very seriously and will be conducting an internal security review of our system and processes,” Sehgal said. “We apologize that this breach occurred and the inconvenience it has caused you.”
Sadly, a strong password is no silver bullet in regards to hackers, but it is always a good first step. For help with creating strong passwords, check out our guide to “bombproof passwords.”
