Imgur reveals major data breach

null

Popular online photo site Imgur has revealed it suffered a major hack that saw the details of millions of users stolen. 

The site, which is one of the most-visited pages on the Internet, has confirmed the details of 1.7 million users, including email addresses and passwords, were stolen during a hack back in 2014.

These details remained secret for several years before being passed on to security researcher Troy Hunt, the man behind alert website HaveIBeenPwned?, who alerted Imgur to the breach.

Imgur says that it is still investigating how the breach happened, but has begun notifying users who may have been affected to change their passwords immediately.

The company has been a strong proponent of data encryption in the past, as it has always done so with the information submitted by its users in the past. 

However it appears that this 2014 breach may have been cracked with a brute force attack against an older version of the encryption hashing algorithm, which Imgur says was updated to the latest version last year.

"We take protection of your information very seriously and will be conducting an internal security review of our system and processes," Roy Sehgal, Imgur's chief operating officer said in a statement. "We apologise that this breach occurred and the inconvenience it has caused you."