Image-sharing site Imgur says 1.7 million email addresses and passwords were compromised in a 2014 breach that was only recently discovered.
Imgur said Friday it first learned of the years-old hack on Thursday from a security researcher. The security researcher has been identified by ZDNet as Troy Hunt, who runs data breach notification service Have I Been Pwned.
The hack, which affected a fraction of Imgur’s 150 million monthly users, didn’t include users’ personal information because the site never gathered real names, addresses or phone numbers.
Imgur said the hack is still under investigation but believes an older password encryption system in use at the time of the hack allowed hackers to breach the system using a brute force attack. The company said it updated its algorithm last year.
“While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response,” Imgur said in a statement.
Hunt praised the company’s swift response to news of the hack.
“I disclosed this incident to Imgur late in the day in the midst of the US Thanksgiving holidays,” Hunt said. “That they could pick this up immediately, protect impacted accounts, notify individuals and prepare public statements in less than 24 hours is absolutely exemplary.”
Special Reports: All of CNET’s most in-depth features in one easy spot.
It’s Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.