Categories: Data Breach Analysis

imgur.com Data Breach Analysis

Preface

On November 23, 2017 imgur was notified of a potential security breach. The breach affected email addresses and passwords of approximately 1.7 million imgur users – with duplicates, the data includes 1,757,680 records.

What data is at risk?

After the data breach was disclosed, the imgur team said that data at risk includes email addresses and passwords. The service says it always encrypted user passwords, but it admits passwords may have been cracked using brute force due to an older hashing algorithm (SHA-256) that was used at the time. In a blog post the service also mentioned that they have updated their password hashing algorithm since 2016 – they now use bcrypt.

Email addresses

imgur is a pretty small data breach compared to some of the biggest ones, but nonetheless, the data breach has some interesting data to analyze. Top 100 of the most frequently used imgur email domains can be seen below:

#Email DomainUser countPurpose / Country
1gmail.com723,813Commercial / United States
2hotmail.com297,543Commercial / United States
3yahoo.com266,183Commercial / United States
4aol.com37,001Commercial / United States
5live.com34,892Commercial / United States
6hotmail.co.uk24,607United Kingdom
7ymail.com12,215Commercial / United States
8msn.com9,935Commercial / United States
9comcast.net9,753Network Infrastructure
10mail.ru8,512Russia
11aim.com7,885Commercial / United States
12yahoo.com.tw7,240Taiwan
13me.com6,646Commercial / United States
14live.co.uk5,917United Kingdom
15rocketmail.com5,757Commercial / United States
16yahoo.co.uk5,735United Kingdom
17yahoo.com.hk5,570Hong Kong
18googlemail.com5,569Commercial / United States
19mailinator.com4,876Commercial / United States
20outlook.com4,649Commercial / United States
21163.com4,529Commercial / United States
22qq.com4,511Commercial / United States
23sbcglobal.net4,277Network Infrastructure
24live.ca4,064Canada
25hotmail.fr3,854France
26web.de3,552Germany
27yahoo.ca3,120Canada
28yandex.ru3,073Russia
29dayrep.com2,969Commercial / United States
30hotmail.ca2,898Canada
31teleworm.us2,874United States
32gmx.de2,859Germany
33verizon.net2,416Network Infrastructure
34att.net2,395Network Infrastructure
35mail.com2,370Commercial / United States
36naver.com2,204Commercial / United States
37hotmail.es2,182Spain
38126.com2,181Commercial / United States
39cox.net2,067Network Infrastructure
40gmx.com2,036Commercial / United States
41hotmail.it2,003Italy
42live.com.au1,906Commercial / United States
43wp.pl1,872Poland
44yahoo.com.vn1,844Vietnam
45yahoo.co.jp1,830Japan
46mac.com1,777Commercial / United States
47o2.pl1,696Poland
48hotmail.de1,639Germany
49yahoo.com.br1,620Brazil
50abv.bg1,617Bulgaria
51btinternet.com1,571Commercial / United States
52live.nl1,563The Netherlands
53live.se1,556Sweden
54yahoo.de1,389Germany
55rmqkr.net1,329Network Infrastructure
56yahoo.co.id1,279Indonesia
57live.fr1,208France
58bellsouth.net1,169Network Infrastructure
59windowslive.com1,168Commercial / United States
60seznam.cz1,139Czech Republic
61shaw.ca1,127Canada
62yahoo.in1,100India
63yahoo.com.au1,088Commercial / United States
64icloud.com1,087Commercial / United States
65armyspy.com1,067Commercial / United States
66gmx.net1,056Network Infrastructure
67yahoo.fr1,046France
68sina.com930Commercial / United States
69charter.net927Network Infrastructure
70sharklasers.com894Commercial / United States
71yahoo.es887Spain
72live.dk844Denmark
73optonline.net833Network Infrastructure
74libero.it791Italy
75earthlink.net778Network Infrastructure
76freemail.hu777Hungary
77yahoo.com.cn762Commercial / United States
78hotmail.se752Sweden
79rogers.com750Commercial / United States
80live.it705Italy
81yahoo.it693Italy
82yopmail.com682Commercial / United States
83live.de661Germany
84bk.ru650Russia
85citromail.hu645Hungary
86yahoo.co.in644India
87interia.pl601Poland
88live.no599Norway
89hushmail.com587Commercial / United States
90live.hk563Hong Kong
91hotmail.com.br555Brazil
92rtrtr.com544Commercial / United States
93inbox.lv541Latvia
94gmx.at536Austria
95yahoo.com.ar524Commercial / United States
96bigpond.com520Commercial / United States
97hotmail.co.nz499New Zealand
98rambler.ru494Russia
99rediffmail.com488Commercial / United States
100sky.com486Commercial / United States

Judging from the analysis above, we can see that imgur users came from 22 different countries – 23 if we include the “.net” domains. that’s one country per approximately 79,895 users. The country list is seen below:

Purpose / CountryUser count
Commercial / United States1,454,595
United Kingdom36,259
Network Infrastructure27,000
Russia12,729
Taiwan7,240
Hong Kong6,133
Canada11,209
France6,108
Germany10,100
Spain3,069
Italy4,192
Poland4,169
Vietnam1,844
Japan1,830
Brazil2,175
Bulgaria1,617
The Netherlands1,563
Sweden2,308
Denmark844
Hungary1,422
Latvia541
Austria536
New Zealand499

We can also take a look of the email length. Our analysis tells us that:

  • There are 114 emails that are smaller than or equal to 8 characters in length;
  • There are 6,139 emails that are smaller than or equal to 12 characters in length;
  • There are 112,439 emails that are smaller than or equal to 16 characters in length;
  • There are 706,131 emails that are smaller than or equal to 20 characters in length;
  • There are 1,381,777 emails that are smaller than or equal to 24 characters in length;
  • There are 1,670,847 emails that are smaller than or equal to 28 characters in length;
  • There are 1,732,725 emails that are smaller than or equal to 32 characters in length.

The emails with the least (8) characters consume 0.006485822220199353% of the total user base (114 users), while the emails with the most (32) characters consume 98.58023075872741% (approximately 1,732,725 users). That leaves just 1.413283419052391% for the rest of the emails – that’s approximately 24,841 users.

We can also take a look at emails that begin with letters:

#Letter that the email begins withCount
1a114,367
2b83,499
3c95,509
4d89,655
5e49,422
6f43,820
7g50,183
8h48,073
9i37,400
10j112,499
11k67,783
12l66,869
13m121,084
14n51,869
15o23,674
16p58,410
17q9,710
18r72,470
19s128,636
20t84,623
21u13,414
22v27,160
23w34,413
24x18,674
25y17,045
26z23,444

We can see that:

  • The most popular letter is s, the least popular letter is q;
  • The letter s is followed by the letter m;
  • The letter m is followed by the letter a;
  • The letter a is followed by the letter j;
  • The letter j is followed by the letter c.

Now that letters have been covered, we could also take a look at the numbers:

Number that the email begins withUser count
010,764
16,494
26,720
35,619
46,587
55,024
66,230
75,039
86,145
95,044

We can see that:

  • The most popular number is 0, the least popular number is 5;
  • The number 0 is followed by the number 2;
  • The number 2 is followed by the number 4;
  • The number 4 is followed by the number 1;
  • The number 1 is followed by the number 8.

Passwords

The top 100 most frequently used passwords on imgur can be seen below. The top 100 passwords also include “imgurimgur” as a password:

#PasswordUser count
11234568,011
21234567892,809
3password2,748
4omega852,593
51233123aa1,829
6123abc1,752
7qwerty1,541
81231231,057
9abc123978
1012345678899
11jxdlza99845
12111111792
13password1744
14pokemon662
151234567890649
161q2w3e4r614
17cheese605
18123321569
19123qwe123568
201qaz2wsx567
21123qwe558
22000000551
23asdasd548
24monkey526
25qwerty123523
261234567503
27imgur1495
281234qwer467
29fuckyou459
30dragon455
31blink182424
32baseball423
33starwars423
34asdfasdf422
35a123456412
36lol123401
37phongvan84396
38letmein395
39shadow383
40incorrect381
41passw0rd381
42asdf1234379
43soccer377
44trustno1375
45qazxsw123372
46iloveyou369
47imgur123351
48superman341
49qwertyuiop340
50asdfghjkl324
51qwe123324
52whatever319
53gishwhes317
54liufang316
55123123123315
56asd123312
57159753311
58welcome123309
59qazwsx308
60666666307
61abcd1234304
62minecraft304
631q2w3e303
64aaaaaa302
65reddit286
66football283
67haejin26271
68zxcvbnm270
69fuckoff268
70qwer1234266
7112qwaszx263
72112233262
73killer262
74q1w2e3r4262
75sunshine254
76pepper250
77pokemon1250
78thispass123248
79hello123247
80chicken243
81charlie242
82asdfgh237
83hahaha234
84home12345234
85password123234
86654321233
87dilza123232
88master232
89nintendo226
90computer222
91ginger222
92123qweasd220
93google220
94blahblah218
95cookie218
96qwe123qwe218
97Password1217
98121212214
991123581321213
100imgurimgur211

The password list is pretty ordinary, but there are a few unusual passwords – most notably, “omega85“, “jxdlza99“, “blink182“, “phongvan84“, “imgur123“, “gishwhes“, “haejin26“, “1123581321” and “imgurimgur“.

Here’s an analysis of passwords that begin with letters:

#The letter the password begins withUser count
1a87,305
2b89,772
3c87,269
4d66,923
5e29,598
6f51,995
7g49,520
8h51,439
9i44,605
10j49,902
11k46,970
12l60,784
13m103,853
14n40,190
15o23,858
16p86,118
17q16,637
18r54,146
19s133,328
20t66,648
21u7,814
22v16,256
23w36,213
24x5,279
25y12,599
26z13,279
  • The most prevalent letter is s;
  • The letter s is followed by the letter m;
  • The letter m is followed by the letter b;
  • The letter b is followed by the letter c;
  • The letter c is followed by the letter p.

We can also take a look at passwords that begin with numbers:

Number that the password begins withUser count
023,683
197,499
232,115
316,495
412,449
511,894
610,735
711,798
812,318
915,098

We can see that:

  • The most prevalent number is 1, followed by the number 2;
  • The number 2 is followed by the number 0;
  • The number 0 is followed by the number 3;
  • The number 3 is followed by the number 9;
  • The number 9 is followed by the number 8.

Summary

Even though the imgur data breach is relatively small compared to a lot of the bigger ones, it goes to show that hackers target all kinds of websites – at first glance, imgur did not seem like a likely target, but with imgur being one of the world’s largest image-sharing communities certainly attracts some hacker attention. Kudos to the imgur team for disclosing the breach as soon as they learned from it – this is how data breach disclosure should be done.

Nirium

Share
Published by
Nirium

Recent Posts

Schneider Electric: JIRA Server Breached

There have been rumors about a data breach targeting Schneider Electric. Did a data breach…

1 month ago

The Makers of Fiskars Scissors Got Breached: What’s Known

There have been rumors about the Fiskars Group – the company behind Fiskars scissors and…

1 month ago

Russia Fines Google for $20,000,000,000,000,000,000,000,000,000,000,000

Russia has fined Google more than two undecillion roubles because Google has refused to pay…

1 month ago

RockYou 2024.txt Looks Like a Binary File – Here’s Why

Why does RockYou 2024.txt look like a binary file when you open it up? Find…

1 month ago

Duolicious Data Leak: What You Need to Know

Duolicious is a dating app that connects people who are “chronically online.” Did the Duolicious…

1 month ago

What is RockYou 2024.txt and How Did RockYou 2024 Come to Be?

This blog will tell you what RockYou 2024 is, how RockYou 2024.txt came to be,…

1 month ago