Imgur, a popular image sharing service, has confirmed that they were hacked in 2014 and claims that it was only notified of it on November 23.
The hackers stole email addresses and passwords of 1.7 million users, which is just a fraction of its 150 million overall users. According to Imgur, no other sensitive information was exposed since they don’t ask for data including your real name, physical addresses, or phone numbers.
In a blog post, Imgur explains that it received an email from security researcher Troy Hunt, who frequently deals with data breaches. He told Imgur that he received the hacked data in question, which included passwords and email addresses. In a statement, Imgur said:
“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time.”
In a statement, Imgur’s chief operating officer Roy Sehgal said:
“We take protection of your information very seriously, and will be conducting an internal security review of our system and processes.”
Imgur recommends people to use different email and password combinations for every site and application, to use strong passwords, and to frequently update them.