Popular image-sharing site Imgur revealed 1.7 million email addresses and passwords were lost in a 2014 data breach. We first learned of the 2014 Imgur hack on Thursday from a security researcher. The security researcher has been identified by ZDNet as Troy Hunt, who runs data breach notification service Have I Been Pwned.
Troy Hunt has since tweeted through the @haveibeenpwned Twitter account to confirm that a majority of the stolen credentials were already in his database.
New breach: imgur was hacked in 2013. 4 years later, 1.7M records with email addresses and cracked passwords surfaced. 60% were already in @haveibeenpwned. Read more: https://t.co/uTfmTUpXDJ
— Have I been pwned? (@haveibeenpwned) November 25, 2017
The Imgur hack should be less of a concern since the image-sharing site only collects email addresses and passwords. In a blog post on Friday, the company said it was “actively investigating the incident.” Moreover, its database “may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time.” The statement suggests Imgur hackers could have decrypted the stolen credentials using brute force attack.
Is 2017 the Year of Data Breaches or what?
If you thought last year’s breach of over 3 billion records was devastating, then hold your horses right there. This year has seen far worse data breaches and we still have a month to go. From attacks, hacks, ransoms and extortion attempts, we’ve seen it all.
Let’s take a look back at some of the biggest data breaches of the year so far –
- Anonymous hacks Freedom Hosting II, a fifth of the dark web.
- Over 14 million Verizon customers’ data exposed in security lapse.
- 1.9 million Bell Canada customer email addresses swiped by hackers.
- 77 million accounts of students, teachers, parents stolen from popular ed-tech platform Edmodo.
- Altassin’s HipChat hacked, with usernames, passwords and messages stolen.
- PayDay lender Wonga breached affecting more than one-quarter of a million lenders.
- WannaCry ransomware affects 104 countries in a massive global cybersattack.
- Mobile hacking firm Cellebrite hacked with 900GB of data stolen.
- Travel giant Sabre hacked in a massive data breach.
- Wikileaks obtains and publishes a trove of documents detailing CIA’s hacking efforts.
- Hackers breach Virgin America’s corporate network compromising confidential personal information of thousands of employees.
- Deloitte confirms a cyberattack resulting in the theft of confidential documents and emails.
- Cloudflare security breach exposes data from OKCupid, Fitbit, Uber and iPassword.
- The mother of all hacks: Equifax suffers a massive hack exposing 143 million social security numbers.
- Usernames, email addresses, and hashed passwords of 699,000 user accounts are stolen from font-sharing site DaFont.
- More than 60 universities and US federal government organizations are compromised by Rasputin hacker.
- Hackers threaten to wipe millions of iCloud accounts.
- Hackers carry out ‘radio replay’ attack setting off Dallas emergency siren system.
- Leaked TSA documents from a passwordless backup drive reveal litany of airport’s lack of security measures.
- Password manager OneLogin hit by massive data breach.
Important information for readers of Technowize with an Imgur account: If you’ve created an Imgur account before 2014 you should change your password. We also advise our readers to run your email addresses through haveibeenpwned.com to learn about any breached accounts and pastes.