Imgur reveals a security breach affecting 1.7 million accounts | News and opinion


Imgur, which has around 150 million monthly users, confirmed this weekend that a trick of 2014 could have made life a bit unpleasant for a small fraction of them. According to a post on Friday on Imgur's blog, the company says it learned the day before that a security breach in 2014 exposed the email addresses and pbadwords of approximately 1.7 million user accounts.

"We are still investigating how the account information was compromised. We have always encrypted your pbadword in our database, but it may have been deciphered with brute force due to an older hashing algorithm (SHA-256) that was used At that time, we updated our algorithm to the new bcrypt algorithm last year. "Read a publication by Roy Sehgal, director of operations at Imgur.

Imgur notes that only email addresses and pbadwords were affected by this security problem, as the company does not ask users for any other personally identifiable information. It has begun to reach users who have been affected by the trick and imposes a mandatory reset of the pbadword for them, not for the Imgur community.

From now on, Imgur suggests that users create strong and frequently updated pbadwords, and that they use unique combinations of user names and pbadwords to log into websites and web services.

"We take the protection of your information very seriously and we will carry out an internal security review of our system and our processes, there was an infraction and the inconvenience that caused it." If you have any questions, we invite you to get in touch with us at [email protected] "Sehgal writes.

Troy Hunt, who runs the website, I have? Been Pwned, initially received the stolen list of user accounts and pbadwords, 60 percent of which already exist in the tracking database of your website. As ZDNet points out, on Thursday it revealed the security breach to Imgur, praising the company for its quick response outside of working hours.

"I revealed this incident to Imgur at the end of the day in the middle of the United States Thanksgiving holiday, they could collect this immediately, protect impacted accounts, notify people and prepare public statements in less than 24 hours is absolutely exemplary, "said Hunt, in an interview with ZDNet

Source link

Leave a Reply

Your email address will not be published.