[German]Image hoster imgur confirmed, that they has been hacked in 2014. The intruders has stolen email addresses and password for login.
The confirmation has been published yesterday (Nov. 24, 2017), on Black Friday. The company was informed at November 23, 2017 about the data breach from a security researcher.
On November 23, Imgur was notified of a potential security breach that occurred in 2014 that affected the email addresses and passwords of 1.7 million user accounts. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response.
On the afternoon of November 23rd, an email was sent to Imgur by a security researcher who frequently deals with data breaches. He believed he was sent data that included information of Imgur users. Our Chief Operating Officer received the email late night on November 23rd and immediately corresponded with the researcher to learn more about the potential breach. He simultaneously notified Imgur’s Founder/CEO and Vice President of Engineering. Our Vice President of Engineering then arranged to securely receive the data from the researcher and began working to validate that the data belonged to Imgur users.
It seems, that 1,7 1.7 million user accounts data (email addresses and passwords) has been stolen. Imgur has monthly 150 million users. Currently imgur investigates, how the hack occured.
Imgur has always encrypted passwords within the database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time. Imgur updated the algorithm to the new bcrypt algorithm last year.
Impacted users has been notified via their registered email address. Imgure are immediately requiring that these users update their password. (via)