Hackers stole 1.7 million login credentials from Imgur in 2014

Image website Imgur suffered a massive hack in 2014 that looted the credentials of 1.7 million users. However, the administrators have only now discovered that the data has been stolen.

Imgur posted a notice on its website informing its users of the 2014 hack. The data theft had not been previously discovered, but came to light after the administrators received an email from an unnamed security researcher. He allegedly got hold of the stolen data. Researcher Troy Hunt reports on Twitter that he provided the data.

In total, the credentials of 1.7 million users were stolen, a small fraction of Imgur’s approximately 150 million users. This concerns e-mail addresses and passwords. The images website is still investigating the hack, but suspects that the data was stolen in a brute force attack, which involved the theft of data protected by the outdated sha-256 algorithm. Imgur now uses bcrypt to encrypt data.

The users whose credentials have been stolen have been notified by email. They are obliged to change the password, so that the stolen data no longer functions.