Imgur Account Info Hacked

Many of us (including myself) use Imgur as a pic-hosting site, please be aware that Imgur was hacked in 2014 but only discovered the breach last week:

https://techcrunch.com/2017/11/27/imgur-says-1-7m-emails-and-passwords-were-breached-in-2014-hack/

 

Hosting site vulnerability is the reason I never post images to this forum. Nothing is free my friends.

 

Well....
It has been part of Xenforo since at least 2010

but due to potential cost and legality issues that has been disabled in these forums...

 

Much appreciated for the warning! Hard to believe they only now discovered this breach!

 

You do realize that you could just set up an account with a fake name since imgur doesn't ask for any personal information, right?

 

A fake name and a fake computer? The problem is not the name, it is the junk loaded on your computer not to mention all the questionable adds people have to suffer when they link to your content.

 

I use Postimage when I wanna share my shenanigans and just keep pictures stored on my computer rather than online.

 

Given the lack of personal information that imgur hold I'm not worried. You should never use the same email & password combination across multiple sites for this very reason.

 

thanks for the heads up! Also lets see if this reply gets deleted seems like ive had alot of my posts deleted today....

 

1. Copy/Paste pic into a Discord channel
2. Open pic in Discord and view original
3. Copy URL of pic
4. Paste URL into forum

Takes seconds and no website needed.

 

yes is what i do use discord for my pic uploads

 

For the lazy:

1. Copy/Paste (or drag and drop!) pic into a Discord channel
2. Right-click, Copy Link of pic
3. Paste URL into forum

 

Thanks for the heads up! It's crazy that they are not telling people about it....

 

For the Really lazy:

1. Take picture/Screenshot
2. Never upload it

Foolproof!

 

The thing about all of these suggestions is that it's possible any of these other places could get hacked just like imgur did.

I guess Preachyr's suggestion would work

 

1. Do not use passwords. Use a passphrase.
2. Come up with a way to combine your passphrase with different concepts that only make sense to you, such that you have a unique passphase for every single site you use.
3. If 2 sounds hard, then use a master password service, and make use of forgot password services on sites. Do not register with any entity that does not offer HTTPS.
4. If you still think this sounds hard, have "faith" in proven scientific studies that show that humans are actually very good at remembering many different secret access phrases, it only appears to be a daunting task on the surface.
5. Enjoy not caring a whole lot if one service gets breached - that password is useless anywhere else!

Srsly just use a unique password on every thing you use, its not hard, Ive been doing it for a very long time, and I get better at remembering my unique passphrases every year. I even actually have my own sort of "algorithm" for how I jumble special characters into it (#$%^&*!_-+=><etc...).

Maybe your phassphrase is something like "mommakesthebestturkey". 8-12 chars is simply not long enough these days.

Then you think about the best year for your mom's turkey, 2017, and you splice it into the phrase, like "mom2makes0the1best7turkey"

Then you can just spice it up a bit, a la "!moM2maKes0tHe1bEst?tu|2k3y$"

...and come up with a clever way of mixing that up for the different sites you would never, ever want someone compromising. Rotate them too, perhaps every 6-10 months or so.

That might seem like a lot. Trust me, type it a few thousand times, and you wont have a problem doing it, even all the variations for all your diff sites.

Or just use master password and hope no one gets access to your physical machine/device. As a technologist, Id never do that, I just get really freaking good at typing my passphrases.

These are the times you live in. The amount of data breaches that occur are far higher than what are reported in mainstream news.The cost to hack your weak security is minuscule compared to what is gained. It gets easier every year. And please, at the very least, please do not reuse the same password on two different sites that are your "top level" security - email you use for identity and that contains sensitive personal data (for identity theft to financial theft), financial sites, or any site you have a credit card stored on.

 

Alternatively buy yourself a domain name and use a unique email address for each site.

 

I have a rule: Do not save your password in your browser. Not because of any risk associated with that, but rather, if you have to type your password in each time you are more likely to remember it.

 

This can be used to discover who is selling your information, as well. If each email address you use is unique to the place you signed up, and you start to get email to that address from other places you know immediately who sold it. Just like using a fake name a couple decades ago when signing up for snail-mail newsletters and catalogs.