
Imgur Data Breach: Personal details of 1.7M user accounts stolen - sus_007
https://blog.imgur.com/2017/11/24/notice-of-data-breach/
======
moepstar
With a breach every other week (or even more than one a week) one's getting
pretty indifferent to yet another one...

Use a password manager and consider everything you entered in a form somewhere
to be public knowledge...

That being said, i want companies that have been breached being audited - and
if proven careless, sued for damages.

------
fwn
> "Imgur has never asked for real names, addresses, phone numbers, or other
> personally-identifying information (“PII”), so the information that was
> compromised did NOT include such PII."

This sounds somewhat cheeky at first, but is in fact the greatest prophylaxis
against breachs. Do not store & collect data you don't absolutely need.

~~~
chmars
Most e-mail addresses are actually personally-identifying information
(according to European data privacy laws and in also in, ehmmm, reality).

------
ochronus
How about social sign-in data like tokens? Was that stolen as well?

------
ryanlol
Imgur knew of this breach, just didn’t bother to announce/investigate until an
external party sent them their user db.

------
pksadiq
When CDN like cloudflare are used (as in HN), won't cloudflare get the text I
send?

If so, doesn't that mean that cloudflare can know many of my passwords?

~~~
londons_explore
Cloudflare, and Amazon AWS for many sites, and your browser's data compression
proxy (if you have that enabled).

All of those companies have hundreds of people who could access the data. And
any misconfiguration or bug could open a hole for the whole world to see the
data...

------
PeachPlum
If they don't know about how, it means it could be ongoing. But they are only
informing users from 2014.

This is what happens when you use a hashing algorithm to encrypt things.

