The image-sharing website Imgur has informed the public yesterday about a data breach that happened a few years back. According to a statement by Imgur, approximately 1.7 million accounts were compromised in 2014.
Imgur clarifies that hackers have seemed to have acquired email addresses and passwords of affected users, but there was no personally-identifying information to be acquired so no names, addresses or phone numbers have leaked.
However, while the passwords were encrypted, they used an older and less secure SHA-256 hash that could have been broken with brute force. Imgur updated their encryption algorithms to a more modern version last year.
If you've been affected, you should have already received an email from Imgur which prompted you to change the password immediately. Obviously changing passwords on every site that shared that password is necessary as well.
However, while the passwords were encrypted, they used an older and less secure SHA-256 hash that could have been broken with brute force. Imgur updated their encryption algorithms to a more modern version last year.
If you've been affected, you should have already received an email from Imgur which prompted you to change the password immediately. Obviously changing passwords on every site that shared that password is necessary as well.