Imgur, a popular picture-sharing site, revealed today that it suffered a data breach in 2014, claiming it was just notified of it on November 23rd. In a blog post, Imgur said hackers stole email addresses and passwords of 1.7 million user accounts -- a small fraction of its 150 million total users. No other personal information was allegedly exposed, since Imgur says it has never asked for people's real names, addresses or phone numbers.
The company added that while it's still investigating how the information was compromised, it suspects it was due to an older hashing algorithm, SHA-256, which has since been updated. As ZDNet reports, Imgur didn't find out about the breach until the stolen data was sent to security researcher Troy Hunt, who then contacted the firm about it.
Roy Sehgal, Imgur's chief operating officer, said those who have been affected have already been informed. "We take protection of your information very seriously," he wrote, "and will be conducting an internal security review of our system and processes." Hopefully his team can figure out how this incident went unnoticed for roughly three years.
On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: https://t.co/qElAetGVIc— Imgur (@imgur) November 25, 2017