Image-sharing website Imgur has been alerted to a security breach in which the email addresses and passwords of 1.7 million users worldwide were compromised in 2014. Investigations are ongoing but in a public blog post, the company’s CEO has said that, although passwords were hashed using SHA-256 at the time, users should still take precautions such as using a different password for every site and application.
The website does not hold any other personal data on its users beyond email addresses, but victims who use the same email and password combinations across multiple applications or websites may be at risk. This incident is indicative of an increasing frequency of online data breaches and it is important for users of online applications to diversify their passwords to prevent being targeted when their passwords are leaked on other platforms. It is also important for companies to use a recommended form of protection for passwords in databases.
The breach was discovered by a security researcher who highlighted the “exemplary” response by the company, in which action was taken just over 24 hours after it was alerted to the compromise.