Imgur has become the latest victim of an emerging trend in online hacking, in which the actual data breach happens years earlier but is detected only recently. In Imgur's case, the hack happened back in 2014 but was detected only now, with the passwords and usernames of 1.7 million users having been stolen.
That is a small percentage of the more than 150 million monthly users Imgur has to its credit. The photo-sharing site, while confirming the breach, also described the hack as less severe given that the site never collected users’ actual names, addresses, or phone numbers.
The hacking incident would not have been detected even now had the stolen data not been sent to Troy Hunt, who runs ‘Have I Been Pwned,’ a dedicated data breach notification firm. Hunt, in turn, informed Imgur of the breach on Thanksgiving Day.
Imgur, for its part, was extremely prompt in its response despite it being a national holiday in the United States. Within 24 hours, the company had not only begun resetting the passwords of those whose data had been stolen but had also informed users of the breach.
Imgur's chief operating officer, Roy Sehgal, stated that the company is not yet sure exactly how the hack happened and that the investigation is still under way. Sehgal did state, however, that the company has been using a new password scrambler since 2016, one significantly stronger than what it used before.
Elaborating further, the company said the password hashing on the site has been changed to bcrypt, which offers enhanced protection against hacking attempts. Before this, the site had been using the SHA-256 algorithm to scramble its passwords, which, however, has been cracked using brute force.
In any case, the Imgur hacking incident brings back memories of similar incidents at other sites such as Disqus, LinkedIn, MySpace, and Yahoo, which were also hacked but whose breaches came to be known only later.