According to a post on the Imgur website, they have suffered a data breach that affects 1.7 million users of the site. For those who don’t use the site, Imgur is an online image sharing community and image host founded by Alan Schaaf in 2009. Since its start it has been one of the most popular ways to post images and host images.
In 2010 Imgur introduced Imgur accounts, which allow users to create custom image galleries and manage their images. Accounts allow full image management including editing, deletion, album creation and embedding, and the ability to comment on viral images and submit to the public gallery. Gallery profiles give the user the ability to view their past public activity. According to the help section on Imgur, there is no image upload limit per account, but there is an upload limit of 50 images per IP address per hour. Paid pro accounts were created in 2010 to remove these limitations and allows infinite image storage, as well as increased upload limits.
It is those Imgur accounts that were affected by the data breach. The following is part of the Notice of Data Breach posted by Imgur
In the case of Imgur, they don’t ask for any identifying information (names, addresses, credit card info) when you open your account, so that isn’t that problem. Where the problem happens is that a majority of users have the same user name / password that is used for their email as the log in for other accounts. So if your log in info at Imgur is [email protected] and your password is Password1234 and you also use that exact same info to get into your yahoo account the bad guys now could have access to your email account. And many of you reading this post know you do this.
That is why it is advisable to use a different password at each site (at least), and to chance your passwords on a regular basis, in case a breach happens.