STE WILLIAMS

.GIF garage Imgur plugs 1.7 million-subscriber creds breach

The world’s self-described “most awesome” collection of images, Imgur, has confessed to leaking 1.7 million user records in 2014.

The company was advised of the breach by HaveIBeenPwned administrator Troy Hunt on November 23, 2017.

Imgur’s chief operating officer Roy Sehgal posted confirmation of the breach. Hunt took to Twitter to say that notice came 25 hours after he notified the company it had a problem.

Hunt also noted that 60 per cent of the e-mail addresses he examined were already in the HaveIBeenPwned database after being revealed in previous breaches of other sites.

Imgur’s notice said users’ registered e-mail addresses and hashed passwords were leaked, but no personally-identifying information was included. Here’s an excerpt from the company’s statement:

“Early morning on November 24th, we confirmed that approximately 1.7 million Imgur user accounts were compromised in 2014. The compromised account information included only email addresses and passwords. Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information (“PII”), so the information that was compromised did NOT include such PII.”

The only risk to passwords is that until 2016 Imgur used SHA-256 to hash passwords, and that algorithm is susceptible to brute-force attacks. The company has therefore required affected users to change their password.
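Why a bare SHA-256 digest is a weak password store, shown against a salted, deliberately slow key-derivation function. This is an added example, not Imgur's code. The article does not say whether Imgur salted its hashes or what it replaced them with, so PBKDF2, the iteration count, the record format and the sample password are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def fast_sha256(password: str) -> str:
    """Single unsalted SHA-256: a fast hash of the kind the article warns about."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2 record in the assumed form algorithm$iterations$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def slow_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed


def cost_ratio(samples: int = 20_000) -> float:
    """How many times more CPU one PBKDF2 evaluation costs than one SHA-256 call."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.sha256(b"constructed-sample-%d" % i).digest()
    per_fast = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-sample", b"\x00" * 16, ITERATIONS)
    return (time.perf_counter() - start) / per_fast


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("SHA-256 digest repeats:", fast_sha256(pw) == fast_sha256(pw))
    print("PBKDF2 records differ:", slow_hash(pw) != slow_hash(pw))
    print("verify ok:", slow_verify(pw, slow_hash(pw)))
    print(f"one PBKDF2 guess costs ~{cost_ratio():,.0f}x one SHA-256 guess")
```

The per-guess cost ratio is what makes a leaked table of slow, salted records far more expensive to brute-force than a table of plain SHA-256 digests.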

Sehgal said the site’s investigation into how the breach occurred is ongoing. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/11/27/imgur_breach/
