Preface
On November 23, 2017 imgur was notified of a potential security breach. The breach affected email addresses and passwords of approximately 1.7 million imgur users – with duplicates, the data includes 1,757,680 records.
What data is at risk?
After the data breach was disclosed, the imgur team said that data at risk includes email addresses and passwords. The service says it always encrypted user passwords, but it admits passwords may have been cracked using brute force due to an older hashing algorithm (SHA-256) that was used at the time. In a blog post the service also mentioned that they have updated their password hashing algorithm since 2016 – they now use bcrypt.
Email addresses
The imgur breach is pretty small compared to some of the biggest ones, but it nonetheless contains some interesting data to analyze. The top 100 most frequently used email domains among imgur users can be seen below:
# | Email Domain | User count | Purpose / Country |
---|---|---|---|
1 | gmail.com | 723,813 | Commercial / United States |
2 | hotmail.com | 297,543 | Commercial / United States |
3 | yahoo.com | 266,183 | Commercial / United States |
4 | aol.com | 37,001 | Commercial / United States |
5 | live.com | 34,892 | Commercial / United States |
6 | hotmail.co.uk | 24,607 | United Kingdom |
7 | ymail.com | 12,215 | Commercial / United States |
8 | msn.com | 9,935 | Commercial / United States |
9 | comcast.net | 9,753 | Network Infrastructure |
10 | mail.ru | 8,512 | Russia |
11 | aim.com | 7,885 | Commercial / United States |
12 | yahoo.com.tw | 7,240 | Taiwan |
13 | me.com | 6,646 | Commercial / United States |
14 | live.co.uk | 5,917 | United Kingdom |
15 | rocketmail.com | 5,757 | Commercial / United States |
16 | yahoo.co.uk | 5,735 | United Kingdom |
17 | yahoo.com.hk | 5,570 | Hong Kong |
18 | googlemail.com | 5,569 | Commercial / United States |
19 | mailinator.com | 4,876 | Commercial / United States |
20 | outlook.com | 4,649 | Commercial / United States |
21 | 163.com | 4,529 | Commercial / United States |
22 | qq.com | 4,511 | Commercial / United States |
23 | sbcglobal.net | 4,277 | Network Infrastructure |
24 | live.ca | 4,064 | Canada |
25 | hotmail.fr | 3,854 | France |
26 | web.de | 3,552 | Germany |
27 | yahoo.ca | 3,120 | Canada |
28 | yandex.ru | 3,073 | Russia |
29 | dayrep.com | 2,969 | Commercial / United States |
30 | hotmail.ca | 2,898 | Canada |
31 | teleworm.us | 2,874 | United States |
32 | gmx.de | 2,859 | Germany |
33 | verizon.net | 2,416 | Network Infrastructure |
34 | att.net | 2,395 | Network Infrastructure |
35 | mail.com | 2,370 | Commercial / United States |
36 | naver.com | 2,204 | Commercial / United States |
37 | hotmail.es | 2,182 | Spain |
38 | 126.com | 2,181 | Commercial / United States |
39 | cox.net | 2,067 | Network Infrastructure |
40 | gmx.com | 2,036 | Commercial / United States |
41 | hotmail.it | 2,003 | Italy |
42 | live.com.au | 1,906 | Commercial / United States |
43 | wp.pl | 1,872 | Poland |
44 | yahoo.com.vn | 1,844 | Vietnam |
45 | yahoo.co.jp | 1,830 | Japan |
46 | mac.com | 1,777 | Commercial / United States |
47 | o2.pl | 1,696 | Poland |
48 | hotmail.de | 1,639 | Germany |
49 | yahoo.com.br | 1,620 | Brazil |
50 | abv.bg | 1,617 | Bulgaria |
51 | btinternet.com | 1,571 | Commercial / United States |
52 | live.nl | 1,563 | The Netherlands |
53 | live.se | 1,556 | Sweden |
54 | yahoo.de | 1,389 | Germany |
55 | rmqkr.net | 1,329 | Network Infrastructure |
56 | yahoo.co.id | 1,279 | Indonesia |
57 | live.fr | 1,208 | France |
58 | bellsouth.net | 1,169 | Network Infrastructure |
59 | windowslive.com | 1,168 | Commercial / United States |
60 | seznam.cz | 1,139 | Czech Republic |
61 | shaw.ca | 1,127 | Canada |
62 | yahoo.in | 1,100 | India |
63 | yahoo.com.au | 1,088 | Commercial / United States |
64 | icloud.com | 1,087 | Commercial / United States |
65 | armyspy.com | 1,067 | Commercial / United States |
66 | gmx.net | 1,056 | Network Infrastructure |
67 | yahoo.fr | 1,046 | France |
68 | sina.com | 930 | Commercial / United States |
69 | charter.net | 927 | Network Infrastructure |
70 | sharklasers.com | 894 | Commercial / United States |
71 | yahoo.es | 887 | Spain |
72 | live.dk | 844 | Denmark |
73 | optonline.net | 833 | Network Infrastructure |
74 | libero.it | 791 | Italy |
75 | earthlink.net | 778 | Network Infrastructure |
76 | freemail.hu | 777 | Hungary |
77 | yahoo.com.cn | 762 | Commercial / United States |
78 | hotmail.se | 752 | Sweden |
79 | rogers.com | 750 | Commercial / United States |
80 | live.it | 705 | Italy |
81 | yahoo.it | 693 | Italy |
82 | yopmail.com | 682 | Commercial / United States |
83 | live.de | 661 | Germany |
84 | bk.ru | 650 | Russia |
85 | citromail.hu | 645 | Hungary |
86 | yahoo.co.in | 644 | India |
87 | interia.pl | 601 | Poland |
88 | live.no | 599 | Norway |
89 | hushmail.com | 587 | Commercial / United States |
90 | live.hk | 563 | Hong Kong |
91 | hotmail.com.br | 555 | Brazil |
92 | rtrtr.com | 544 | Commercial / United States |
93 | inbox.lv | 541 | Latvia |
94 | gmx.at | 536 | Austria |
95 | yahoo.com.ar | 524 | Commercial / United States |
96 | bigpond.com | 520 | Commercial / United States |
97 | hotmail.co.nz | 499 | New Zealand |
98 | rambler.ru | 494 | Russia |
99 | rediffmail.com | 488 | Commercial / United States |
100 | sky.com | 486 | Commercial / United States |
Judging from the analysis above, we can see that imgur users came from 22 different countries – 23 if we include the “.net” domains. That’s one country per approximately 79,895 users. The country list is seen below:
Purpose / Country | User count |
---|---|
Commercial / United States | 1,454,595 |
United Kingdom | 36,259 |
Network Infrastructure | 27,000 |
Russia | 12,729 |
Taiwan | 7,240 |
Hong Kong | 6,133 |
Canada | 11,209 |
France | 6,108 |
Germany | 10,100 |
Spain | 3,069 |
Italy | 4,192 |
Poland | 4,169 |
Vietnam | 1,844 |
Japan | 1,830 |
Brazil | 2,175 |
Bulgaria | 1,617 |
The Netherlands | 1,563 |
Sweden | 2,308 |
Denmark | 844 |
Hungary | 1,422 |
Latvia | 541 |
Austria | 536 |
New Zealand | 499 |
We can also take a look at the email length. Our analysis tells us that:
- There are 114 emails that are smaller than or equal to 8 characters in length;
- There are 6,139 emails that are smaller than or equal to 12 characters in length;
- There are 112,439 emails that are smaller than or equal to 16 characters in length;
- There are 706,131 emails that are smaller than or equal to 20 characters in length;
- There are 1,381,777 emails that are smaller than or equal to 24 characters in length;
- There are 1,670,847 emails that are smaller than or equal to 28 characters in length;
- There are 1,732,725 emails that are smaller than or equal to 32 characters in length.
Emails of at most 8 characters account for 0.006485822220199353% of the total user base (114 users), while emails of at most 32 characters account for 98.58023075872741% (approximately 1,732,725 users). That leaves just 1.413283419052391% for the rest of the emails – that’s approximately 24,841 users.
We can also take a look at emails that begin with letters:
# | Letter that the email begins with | Count |
---|---|---|
1 | a | 114,367 |
2 | b | 83,499 |
3 | c | 95,509 |
4 | d | 89,655 |
5 | e | 49,422 |
6 | f | 43,820 |
7 | g | 50,183 |
8 | h | 48,073 |
9 | i | 37,400 |
10 | j | 112,499 |
11 | k | 67,783 |
12 | l | 66,869 |
13 | m | 121,084 |
14 | n | 51,869 |
15 | o | 23,674 |
16 | p | 58,410 |
17 | q | 9,710 |
18 | r | 72,470 |
19 | s | 128,636 |
20 | t | 84,623 |
21 | u | 13,414 |
22 | v | 27,160 |
23 | w | 34,413 |
24 | x | 18,674 |
25 | y | 17,045 |
26 | z | 23,444 |
We can see that:
- The most popular letter is s, the least popular letter is q;
- The letter s is followed by the letter m;
- The letter m is followed by the letter a;
- The letter a is followed by the letter j;
- The letter j is followed by the letter c.
Now that letters have been covered, we could also take a look at the numbers:
Number that the email begins with | User count |
---|---|
0 | 10,764 |
1 | 6,494 |
2 | 6,720 |
3 | 5,619 |
4 | 6,587 |
5 | 5,024 |
6 | 6,230 |
7 | 5,039 |
8 | 6,145 |
9 | 5,044 |
We can see that:
- The most popular number is 0, the least popular number is 5;
- The number 0 is followed by the number 2;
- The number 2 is followed by the number 4;
- The number 4 is followed by the number 1;
- The number 1 is followed by the number 8.
Passwords
The top 100 most frequently used passwords on imgur can be seen below. The top 100 passwords also include “imgurimgur” as a password:
# | Password | User count |
---|---|---|
1 | 123456 | 8,011 |
2 | 123456789 | 2,809 |
3 | password | 2,748 |
4 | omega85 | 2,593 |
5 | 1233123aa | 1,829 |
6 | 123abc | 1,752 |
7 | qwerty | 1,541 |
8 | 123123 | 1,057 |
9 | abc123 | 978 |
10 | 12345678 | 899 |
11 | jxdlza99 | 845 |
12 | 111111 | 792 |
13 | password1 | 744 |
14 | pokemon | 662 |
15 | 1234567890 | 649 |
16 | 1q2w3e4r | 614 |
17 | cheese | 605 |
18 | 123321 | 569 |
19 | 123qwe123 | 568 |
20 | 1qaz2wsx | 567 |
21 | 123qwe | 558 |
22 | 000000 | 551 |
23 | asdasd | 548 |
24 | monkey | 526 |
25 | qwerty123 | 523 |
26 | 1234567 | 503 |
27 | imgur1 | 495 |
28 | 1234qwer | 467 |
29 | fuckyou | 459 |
30 | dragon | 455 |
31 | blink182 | 424 |
32 | baseball | 423 |
33 | starwars | 423 |
34 | asdfasdf | 422 |
35 | a123456 | 412 |
36 | lol123 | 401 |
37 | phongvan84 | 396 |
38 | letmein | 395 |
39 | shadow | 383 |
40 | incorrect | 381 |
41 | passw0rd | 381 |
42 | asdf1234 | 379 |
43 | soccer | 377 |
44 | trustno1 | 375 |
45 | qazxsw123 | 372 |
46 | iloveyou | 369 |
47 | imgur123 | 351 |
48 | superman | 341 |
49 | qwertyuiop | 340 |
50 | asdfghjkl | 324 |
51 | qwe123 | 324 |
52 | whatever | 319 |
53 | gishwhes | 317 |
54 | liufang | 316 |
55 | 123123123 | 315 |
56 | asd123 | 312 |
57 | 159753 | 311 |
58 | welcome123 | 309 |
59 | qazwsx | 308 |
60 | 666666 | 307 |
61 | abcd1234 | 304 |
62 | minecraft | 304 |
63 | 1q2w3e | 303 |
64 | aaaaaa | 302 |
65 | | 286 |
66 | football | 283 |
67 | haejin26 | 271 |
68 | zxcvbnm | 270 |
69 | fuckoff | 268 |
70 | qwer1234 | 266 |
71 | 12qwaszx | 263 |
72 | 112233 | 262 |
73 | killer | 262 |
74 | q1w2e3r4 | 262 |
75 | sunshine | 254 |
76 | pepper | 250 |
77 | pokemon1 | 250 |
78 | thispass123 | 248 |
79 | hello123 | 247 |
80 | chicken | 243 |
81 | charlie | 242 |
82 | asdfgh | 237 |
83 | hahaha | 234 |
84 | home12345 | 234 |
85 | password123 | 234 |
86 | 654321 | 233 |
87 | dilza123 | 232 |
88 | master | 232 |
89 | nintendo | 226 |
90 | computer | 222 |
91 | ginger | 222 |
92 | 123qweasd | 220 |
93 | | 220 |
94 | blahblah | 218 |
95 | cookie | 218 |
96 | qwe123qwe | 218 |
97 | Password1 | 217 |
98 | 121212 | 214 |
99 | 1123581321 | 213 |
100 | imgurimgur | 211 |
The password list is pretty ordinary, but there are a few unusual passwords – most notably, “omega85”, “jxdlza99”, “blink182”, “phongvan84”, “imgur123”, “gishwhes”, “haejin26”, “1123581321” and “imgurimgur”.
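A list like this is most useful to a defender as a deny list at signup and password change. The check below is an added example, not part of the original analysis: `BREACH_TOP` is a subset copied from the table above, while `SERVICE_NAMES`, `normalize` and `rejection_reason` are hypothetical names chosen for illustration.

```python
import re
import unicodedata

# Subset of the top-100 table above: ranks 1-20 plus the service-named entries.
BREACH_TOP = {
    "123456", "123456789", "password", "omega85", "1233123aa", "123abc",
    "qwerty", "123123", "abc123", "12345678", "jxdlza99", "111111",
    "password1", "pokemon", "1234567890", "1q2w3e4r", "cheese", "123321",
    "123qwe123", "1qaz2wsx", "imgur1", "imgur123", "imgurimgur",
}
# Assumption: context words the site configures for itself.
SERVICE_NAMES = ("imgur",)


def normalize(pw):
    """NFKC-normalize and case-fold so 'Password1' and 'password1' compare equal."""
    return unicodedata.normalize("NFKC", pw).casefold()


def rejection_reason(pw, email=""):
    """Return why a candidate password is refused, or None if it is accepted."""
    p = normalize(pw)
    if p in BREACH_TOP:
        return "in breach top list"
    # Service name plus only digits/punctuation, e.g. 'Imgur2017!' or 'imgurimgur'.
    for name in SERVICE_NAMES:
        rest = p.replace(name, "")
        if rest != p and re.fullmatch(r"[\d\W_]*", rest):
            return "derived from service name"
    # The account's own email local part embedded in the password.
    local = normalize(email.split("@", 1)[0])
    if len(local) >= 4 and local in p:
        return "contains email local part"
    # A unit of 1-3 characters repeated to fill the password: 'aaaaaa', '121212'.
    if re.fullmatch(r"(.{1,3})\1+", p):
        return "repeated pattern"
    if len(p) < 8:
        return "too short"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not records from the breach.
    for candidate in ("Password1", "Imgur2017!", "121212", "correct horse battery staple"):
        print(candidate, "->", rejection_reason(candidate))
```

In production the in-memory set would be replaced by a much larger breach corpus; the service-name and email checks catch variants that no static list contains.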
Here’s an analysis of passwords that begin with letters:
# | The letter the password begins with | User count |
---|---|---|
1 | a | 87,305 |
2 | b | 89,772 |
3 | c | 87,269 |
4 | d | 66,923 |
5 | e | 29,598 |
6 | f | 51,995 |
7 | g | 49,520 |
8 | h | 51,439 |
9 | i | 44,605 |
10 | j | 49,902 |
11 | k | 46,970 |
12 | l | 60,784 |
13 | m | 103,853 |
14 | n | 40,190 |
15 | o | 23,858 |
16 | p | 86,118 |
17 | q | 16,637 |
18 | r | 54,146 |
19 | s | 133,328 |
20 | t | 66,648 |
21 | u | 7,814 |
22 | v | 16,256 |
23 | w | 36,213 |
24 | x | 5,279 |
25 | y | 12,599 |
26 | z | 13,279 |
We can see that:
- The most prevalent letter is s;
- The letter s is followed by the letter m;
- The letter m is followed by the letter b;
- The letter b is followed by the letter c;
- The letter c is followed by the letter p.
We can also take a look at passwords that begin with numbers:
Number that the password begins with | User count |
---|---|
0 | 23,683 |
1 | 97,499 |
2 | 32,115 |
3 | 16,495 |
4 | 12,449 |
5 | 11,894 |
6 | 10,735 |
7 | 11,798 |
8 | 12,318 |
9 | 15,098 |
We can see that:
- The most prevalent number is 1, followed by the number 2;
- The number 2 is followed by the number 0;
- The number 0 is followed by the number 3;
- The number 3 is followed by the number 9;
- The number 9 is followed by the number 8.
Summary
Even though the imgur data breach is relatively small compared to a lot of the bigger ones, it goes to show that hackers target all kinds of websites – at first glance, imgur did not seem like a likely target, but imgur, being one of the world’s largest image-sharing communities, certainly attracts some hacker attention. Kudos to the imgur team for disclosing the breach as soon as they learned of it – this is how data breach disclosure should be done.