The well-known picture-sharing website Imgur has confirmed that in 2014, there was a security compromise that resulted in the theft of email addresses and passwords.
The company said that as its service has never requested actual names, addresses, or phone numbers, personal information was not compromised.
According to the company, the passwords that were taken advantage of were secured by the SHA-256 hashing technique, which is easily cracked by brute force attacks.
Although Imgur is looking into the issue, it's still not apparent how it happened and why it was made public just three years later.
Source: https://securityaffairs.com/65991/data-breach/imgur-2014-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/imgur
"id": "img214181223",
"linkid": "imgur",
"type": "Data Leak",
"date": "11/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Technology',
'name': 'Imgur',
'type': 'Company'}],
'attack_vector': 'Unknown',
'data_breach': {'data_encryption': 'SHA-256 hashing',
'data_exfiltration': True,
'personally_identifiable_information': 'No',
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['Email addresses', 'Passwords']},
'date_detected': '2017',
'date_publicly_disclosed': '2017',
'description': 'In 2014, Imgur experienced a security breach resulting in the '
'theft of email addresses and passwords. The passwords were '
'hashed using SHA-256, which can be vulnerable to brute force '
'attacks.',
'impact': {'data_compromised': ['Email addresses', 'Passwords']},
'investigation_status': 'Under investigation',
'motivation': 'Unknown',
'post_incident_analysis': {'root_causes': ['Weak password hashing']},
'recommendations': ['Use stronger hashing algorithms for passwords',
'Implement regular security audits'],
'references': [{'source': 'Imgur'}],
'threat_actor': 'Unknown',
'title': 'Imgur Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak password hashing (SHA-256)'}