Imgur Confirms 1.7 Million Users Hit by Data Breach

Imgur Confirms 1.7 Million Users Hit by Data Breach
Image-sharing website Imgur has confirmed that the emails and passwords of 1.7 million users were compromised in 2014. The data breach has only recently come to light after being discovered by security researcher Troy Hunt. Mr Hunt said he was impressed with the company’s swift response.

Imgur said in a statement that no other personal data had been taken as it did not collect information such as real names and phone numbers. “We apologise that this breach occurred and the inconvenience it has caused you,” wrote Roy Sehgal, Imgur’s chief operating officer, in a blog post.

Mr Sehgal said Imgur was “still investigating” but its former encryption method – a hashing algorithm – may have been “cracked with brute force”. That algorithm had been replaced in 2016, he added.

“We recommend that you use a different combination of email and password for every site and application,” he wrote. “Please always use strong passwords and update them frequently.”

Troy Hunt tweeted that Imgur had released a statement 25 hours after he had contacted the company. “This is really where we’re at now: people recognise that data breaches are the new normal and they’re judging organisations not on the fact that they’ve had one but on how they’ve handled it when it’s happened,” he wrote.

This month it was revealed that ride-hailing app Uber had concealed a 2016 data breach affecting 57 million users and drivers. It also admitted to paying the hackers $100,000 (£75,000) to delete the stolen data. “None of this should have happened,” said chief executive Dara Khosrowshahi.

Cash Converters Reveals Customer Data Breach

Cash Converters Reveals Customer Data Breach
High Street pawnbroker Cash Converters has warned customers about a data breach on its website. The company said customer usernames, passwords and addresses had potentially been accessed by a third party. The data breach exposed accounts on the company’s old UK website, which was replaced in September 2017.

The company told the BBC it was taking the breach “extremely seriously” and had reported it to the information commissioner.

Cash Converters lets people trade in items such as jewellery and electronics for cash, and then sells the items on to others. It operates an online store that lets people buy items traded in at Cash Converters shops around the UK.

The online store was relaunched in September 2017, and the data breach affected only people with an account on the old website.

Cash Converters said no credit card information had been breached, and people who visited its stores but did not use the website had not been affected. “Our customers truly are at the heart of everything we do, and we are disappointed that they may have been affected,” the company said in a statement. “We apologise for this situation and are taking immediate action to address it.”