Imgur, popular meme site, confirms security breach affecting 1.7 million accounts

Imgur was contacted by a prominent security research Thursday evening about a potential security breach and confirmed within hours that 1.7 million user accounts were compromised in 2014, the site’s chief operating officer wrote in a blog post.

The hacked data consisted entirely of email addresses and passwords belonging to the equivalent of 1.7 million user accounts, said Imgur COO Roy Sehgal, or roughly one percent of the site’s 150 million monthly users.



The stolen passwords were encrypted by Imgur but still susceptible to being deciphered because they had been encoded using an out-of-date encryption method that the website has since abandoned, Mr. Sehgal said.

No other information was compromised by the breach, he said.

Imgur began notifying impacted users Friday morning and is requiring that everyone affected by the breach to update their password, he said in the blog post.

Troy Hunt, a security researcher who monitors data breaches, praised Imgur on Friday for its “exemplary handling” of the incident and said in a tweet that the company took only 25 hours to disclose the breach after being contacted.

“This is really where we’re at now: people recognize that data breaches are the new normal and they’re judging organizations not on the fact that they’ve had one, but on how they’ve handled it when its happened,” tweeted Mr. Hunt, the administrator of data breach monitoring website Have I Been Pwned.

Imgur is currently investigating the cause of the security breach, Mr. Sehgal said Friday.



The California-based website plans to disclose the data breach to the state’s attorney general and the relevant law enforcement and government agencies, Mr. Sehgal told ZDNet, where the breach was first reported Friday.

Imgur launched in 2009 and is currently the 14th most popular website in the United States and 45th worldwide, according to Alexa, an internet analytics company owned by Amazon.