Now this is how to deal with a breach. Good job Imgur.

Imgur Cyber Breach

11 months into 2017 and it feels as though there has been breach after breach of some major company’s data. One of the more recent companies to face a cybersecurity breach, Imgur (the best place to share awesome images online), have set exemplary standards for handling the problem.

Imgur was notified of the breach by Troy Hunt on 23rd November 2017 – note this was the Thursday of Thanksgiving weekend. Yet, Imgur managed to pull a team together and by 24th November, had released a statement from their COO to explain what had happened. That’s 25 hours, not 13 months, *cough* Uber! *cough*.

The company announced that they had become aware that 1.7 million users had their data stolen. However, the data only consisted of email addresses and hashed passwords. Imgur do not ask for and therefore do not store any personally-identifiable information.

“Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information (“PII”), so the information that was compromised did NOT include such PII.” Roy Segal, COO.

There is still a slight risk, as recognised by Roy Segal, Chief Operating Officer, that the hackers may have cracked the stolen password hashes, because they were produced with the older SHA-256 algorithm. As a fast, general-purpose hash, SHA-256 is notoriously susceptible to brute-force attacks, and the algorithm was updated in 2016. An investigation is under way to establish whether this could have happened, along with how the breach actually happened.
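For anyone facing the same clean-up, here is a sketch of moving password records off a fast hash. It is an added example, not Imgur's code: the salted SHA-256 legacy format, the choice of PBKDF2, the iteration count and all function names are assumptions, since the statement does not say what scheme Imgur moved to.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def legacy_record(password: str, salt: bytes) -> str:
    """Assumed legacy format: one round of salted SHA-256."""
    return f"sha256${salt.hex()}${hashlib.sha256(salt + password.encode()).hexdigest()}"

def _pbkdf2(secret: bytes, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations).hex()

def new_record(password: str) -> str:
    salt = os.urandom(16)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${_pbkdf2(password.encode(), salt, ITERATIONS)}"

def wrap_legacy(stored: str) -> str:
    """Harden a dormant account's record without knowing the password:
    run the slow KDF over the existing SHA-256 digest."""
    _, old_salt, digest = stored.split("$")
    salt = os.urandom(16)
    wrapped = _pbkdf2(digest.encode(), salt, ITERATIONS)
    return f"wrapped${ITERATIONS}${salt.hex()}${old_salt}${wrapped}"

def verify(password: str, stored: str):
    """Return (ok, replacement): replacement is a fresh PBKDF2 record when
    a correct login arrives against a legacy or wrapped record, else None."""
    scheme, *f = stored.split("$")
    if scheme == "sha256":
        ok = hmac.compare_digest(legacy_record(password, bytes.fromhex(f[0])), stored)
    elif scheme == "wrapped":
        # f = [iterations, new salt, legacy salt, wrapped digest]
        inner = legacy_record(password, bytes.fromhex(f[2])).split("$")[2]
        ok = hmac.compare_digest(_pbkdf2(inner.encode(), bytes.fromhex(f[1]), int(f[0])), f[3])
    elif scheme == "pbkdf2":
        ok = hmac.compare_digest(_pbkdf2(password.encode(), bytes.fromhex(f[1]), int(f[0])), f[2])
        return ok, None  # already on the slow scheme, nothing to replace
    else:
        return False, None  # unknown scheme: reject rather than guess
    return ok, (new_record(password) if ok else None)
```

Wrapping matters because accounts that never log in again would otherwise keep a bare SHA-256 hash in the database indefinitely.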

As always, CounterHack concur with what Imgur are suggesting; always have different passwords for your online accounts and try to use some kind of password management tool to keep on top of them all. And only change those passwords when you suspect they may have been compromised.

Troy Hunt, who originally notified Imgur of the potential breach, was quick to praise the way the company handled it.

We would like to join him. Good job Imgur! You could teach some of the other big players a thing or two about ‘responsible breach notification’.

Would you like to learn more about dealing with cyber breaches when they happen? CounterHack can help. Contact us today.