Imgur has learned that the data of 1.7 million of its users has been compromised, the picture-sharing website revealed Friday.
Imgur said it learned of the 2014 security breach on Thursday when the chief operating officer received an email from a security researcher who deals with data breaches. After further investigation, Imgur confirmed the hacking. According to the website, the hacked information included email addresses and passwords, but it reminded users that since Imgur doesn’t ask for real names, addresses, and phone numbers, no personally identifying information was compromised.
The site said it’s still investigating how the data was hacked, especially since it encrypts passwords in its database.
“It may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” wrote Imgur COO Roy Sehgal. “We updated our algorithm to the new bcrypt algorithm last year.”
Imgur is requiring the users who were affected—and Imgur has emailed everybody who was compromised—to update their passwords, and it’s recommending that everybody else use strong passwords that differ from other websites and that are frequently updated.
“We take protection of your information very seriously and will be conducting an internal security review of our system and processes,” Sehgal wrote. “We apologize that this breach occurred and the inconvenience it has caused you.”