On November 23, 2017 imgur was notified of a potential security breach. The breach affected email addresses and passwords of approximately 1.7 million imgur users – with duplicates, the data includes 1,757,680 records.
After the data breach was disclosed, the imgur team said that data at risk includes email addresses and passwords. The service says it always encrypted user passwords, but it admits passwords may have been cracked using brute force due to an older hashing algorithm (SHA-256) that was used at the time. In a blog post the service also mentioned that they have updated their password hashing algorithm since 2016 – they now use bcrypt.
imgur is a pretty small data breach compared to some of the biggest ones, but nonetheless, the data breach has some interesting data to analyze. Top 100 of the most frequently used imgur email domains can be seen below:
| # | Email Domain | User count | Purpose / Country |
|---|---|---|---|
| 1 | gmail.com | 723,813 | Commercial / United States |
| 2 | hotmail.com | 297,543 | Commercial / United States |
| 3 | yahoo.com | 266,183 | Commercial / United States |
| 4 | aol.com | 37,001 | Commercial / United States |
| 5 | live.com | 34,892 | Commercial / United States |
| 6 | hotmail.co.uk | 24,607 | United Kingdom |
| 7 | ymail.com | 12,215 | Commercial / United States |
| 8 | msn.com | 9,935 | Commercial / United States |
| 9 | comcast.net | 9,753 | Network Infrastructure |
| 10 | mail.ru | 8,512 | Russia |
| 11 | aim.com | 7,885 | Commercial / United States |
| 12 | yahoo.com.tw | 7,240 | Taiwan |
| 13 | me.com | 6,646 | Commercial / United States |
| 14 | live.co.uk | 5,917 | United Kingdom |
| 15 | rocketmail.com | 5,757 | Commercial / United States |
| 16 | yahoo.co.uk | 5,735 | United Kingdom |
| 17 | yahoo.com.hk | 5,570 | Hong Kong |
| 18 | googlemail.com | 5,569 | Commercial / United States |
| 19 | mailinator.com | 4,876 | Commercial / United States |
| 20 | outlook.com | 4,649 | Commercial / United States |
| 21 | 163.com | 4,529 | Commercial / United States |
| 22 | qq.com | 4,511 | Commercial / United States |
| 23 | sbcglobal.net | 4,277 | Network Infrastructure |
| 24 | live.ca | 4,064 | Canada |
| 25 | hotmail.fr | 3,854 | France |
| 26 | web.de | 3,552 | Germany |
| 27 | yahoo.ca | 3,120 | Canada |
| 28 | yandex.ru | 3,073 | Russia |
| 29 | dayrep.com | 2,969 | Commercial / United States |
| 30 | hotmail.ca | 2,898 | Canada |
| 31 | teleworm.us | 2,874 | United States |
| 32 | gmx.de | 2,859 | Germany |
| 33 | verizon.net | 2,416 | Network Infrastructure |
| 34 | att.net | 2,395 | Network Infrastructure |
| 35 | mail.com | 2,370 | Commercial / United States |
| 36 | naver.com | 2,204 | Commercial / United States |
| 37 | hotmail.es | 2,182 | Spain |
| 38 | 126.com | 2,181 | Commercial / United States |
| 39 | cox.net | 2,067 | Network Infrastructure |
| 40 | gmx.com | 2,036 | Commercial / United States |
| 41 | hotmail.it | 2,003 | Italy |
| 42 | live.com.au | 1,906 | Commercial / United States |
| 43 | wp.pl | 1,872 | Poland |
| 44 | yahoo.com.vn | 1,844 | Vietnam |
| 45 | yahoo.co.jp | 1,830 | Japan |
| 46 | mac.com | 1,777 | Commercial / United States |
| 47 | o2.pl | 1,696 | Poland |
| 48 | hotmail.de | 1,639 | Germany |
| 49 | yahoo.com.br | 1,620 | Brazil |
| 50 | abv.bg | 1,617 | Bulgaria |
| 51 | btinternet.com | 1,571 | Commercial / United States |
| 52 | live.nl | 1,563 | The Netherlands |
| 53 | live.se | 1,556 | Sweden |
| 54 | yahoo.de | 1,389 | Germany |
| 55 | rmqkr.net | 1,329 | Network Infrastructure |
| 56 | yahoo.co.id | 1,279 | Indonesia |
| 57 | live.fr | 1,208 | France |
| 58 | bellsouth.net | 1,169 | Network Infrastructure |
| 59 | windowslive.com | 1,168 | Commercial / United States |
| 60 | seznam.cz | 1,139 | Czech Republic |
| 61 | shaw.ca | 1,127 | Canada |
| 62 | yahoo.in | 1,100 | India |
| 63 | yahoo.com.au | 1,088 | Commercial / United States |
| 64 | icloud.com | 1,087 | Commercial / United States |
| 65 | armyspy.com | 1,067 | Commercial / United States |
| 66 | gmx.net | 1,056 | Network Infrastructure |
| 67 | yahoo.fr | 1,046 | France |
| 68 | sina.com | 930 | Commercial / United States |
| 69 | charter.net | 927 | Network Infrastructure |
| 70 | sharklasers.com | 894 | Commercial / United States |
| 71 | yahoo.es | 887 | Spain |
| 72 | live.dk | 844 | Denmark |
| 73 | optonline.net | 833 | Network Infrastructure |
| 74 | libero.it | 791 | Italy |
| 75 | earthlink.net | 778 | Network Infrastructure |
| 76 | freemail.hu | 777 | Hungary |
| 77 | yahoo.com.cn | 762 | Commercial / United States |
| 78 | hotmail.se | 752 | Sweden |
| 79 | rogers.com | 750 | Commercial / United States |
| 80 | live.it | 705 | Italy |
| 81 | yahoo.it | 693 | Italy |
| 82 | yopmail.com | 682 | Commercial / United States |
| 83 | live.de | 661 | Germany |
| 84 | bk.ru | 650 | Russia |
| 85 | citromail.hu | 645 | Hungary |
| 86 | yahoo.co.in | 644 | India |
| 87 | interia.pl | 601 | Poland |
| 88 | live.no | 599 | Norway |
| 89 | hushmail.com | 587 | Commercial / United States |
| 90 | live.hk | 563 | Hong Kong |
| 91 | hotmail.com.br | 555 | Brazil |
| 92 | rtrtr.com | 544 | Commercial / United States |
| 93 | inbox.lv | 541 | Latvia |
| 94 | gmx.at | 536 | Austria |
| 95 | yahoo.com.ar | 524 | Commercial / United States |
| 96 | bigpond.com | 520 | Commercial / United States |
| 97 | hotmail.co.nz | 499 | New Zealand |
| 98 | rambler.ru | 494 | Russia |
| 99 | rediffmail.com | 488 | Commercial / United States |
| 100 | sky.com | 486 | Commercial / United States |
Judging from the analysis above, we can see that imgur users came from 22 different countries – 23 if we include the “.net” domains. that’s one country per approximately 79,895 users. The country list is seen below:
| Purpose / Country | User count |
|---|---|
| Commercial / United States | 1,454,595 |
| United Kingdom | 36,259 |
| Network Infrastructure | 27,000 |
| Russia | 12,729 |
| Taiwan | 7,240 |
| Hong Kong | 6,133 |
| Canada | 11,209 |
| France | 6,108 |
| Germany | 10,100 |
| Spain | 3,069 |
| Italy | 4,192 |
| Poland | 4,169 |
| Vietnam | 1,844 |
| Japan | 1,830 |
| Brazil | 2,175 |
| Bulgaria | 1,617 |
| The Netherlands | 1,563 |
| Sweden | 2,308 |
| Denmark | 844 |
| Hungary | 1,422 |
| Latvia | 541 |
| Austria | 536 |
| New Zealand | 499 |
We can also take a look of the email length. Our analysis tells us that:
The emails with the least (8) characters consume 0.006485822220199353% of the total user base (114 users), while the emails with the most (32) characters consume 98.58023075872741% (approximately 1,732,725 users). That leaves just 1.413283419052391% for the rest of the emails – that’s approximately 24,841 users.
We can also take a look at emails that begin with letters:
| # | Letter that the email begins with | Count |
|---|---|---|
| 1 | a | 114,367 |
| 2 | b | 83,499 |
| 3 | c | 95,509 |
| 4 | d | 89,655 |
| 5 | e | 49,422 |
| 6 | f | 43,820 |
| 7 | g | 50,183 |
| 8 | h | 48,073 |
| 9 | i | 37,400 |
| 10 | j | 112,499 |
| 11 | k | 67,783 |
| 12 | l | 66,869 |
| 13 | m | 121,084 |
| 14 | n | 51,869 |
| 15 | o | 23,674 |
| 16 | p | 58,410 |
| 17 | q | 9,710 |
| 18 | r | 72,470 |
| 19 | s | 128,636 |
| 20 | t | 84,623 |
| 21 | u | 13,414 |
| 22 | v | 27,160 |
| 23 | w | 34,413 |
| 24 | x | 18,674 |
| 25 | y | 17,045 |
| 26 | z | 23,444 |
We can see that:
Now that letters have been covered, we could also take a look at the numbers:
| Number that the email begins with | User count |
|---|---|
| 0 | 10,764 |
| 1 | 6,494 |
| 2 | 6,720 |
| 3 | 5,619 |
| 4 | 6,587 |
| 5 | 5,024 |
| 6 | 6,230 |
| 7 | 5,039 |
| 8 | 6,145 |
| 9 | 5,044 |
We can see that:
The top 100 most frequently used passwords on imgur can be seen below. The top 100 passwords also include “imgurimgur” as a password:
| # | Password | User count |
|---|---|---|
| 1 | 123456 | 8,011 |
| 2 | 123456789 | 2,809 |
| 3 | password | 2,748 |
| 4 | omega85 | 2,593 |
| 5 | 1233123aa | 1,829 |
| 6 | 123abc | 1,752 |
| 7 | qwerty | 1,541 |
| 8 | 123123 | 1,057 |
| 9 | abc123 | 978 |
| 10 | 12345678 | 899 |
| 11 | jxdlza99 | 845 |
| 12 | 111111 | 792 |
| 13 | password1 | 744 |
| 14 | pokemon | 662 |
| 15 | 1234567890 | 649 |
| 16 | 1q2w3e4r | 614 |
| 17 | cheese | 605 |
| 18 | 123321 | 569 |
| 19 | 123qwe123 | 568 |
| 20 | 1qaz2wsx | 567 |
| 21 | 123qwe | 558 |
| 22 | 000000 | 551 |
| 23 | asdasd | 548 |
| 24 | monkey | 526 |
| 25 | qwerty123 | 523 |
| 26 | 1234567 | 503 |
| 27 | imgur1 | 495 |
| 28 | 1234qwer | 467 |
| 29 | fuckyou | 459 |
| 30 | dragon | 455 |
| 31 | blink182 | 424 |
| 32 | baseball | 423 |
| 33 | starwars | 423 |
| 34 | asdfasdf | 422 |
| 35 | a123456 | 412 |
| 36 | lol123 | 401 |
| 37 | phongvan84 | 396 |
| 38 | letmein | 395 |
| 39 | shadow | 383 |
| 40 | incorrect | 381 |
| 41 | passw0rd | 381 |
| 42 | asdf1234 | 379 |
| 43 | soccer | 377 |
| 44 | trustno1 | 375 |
| 45 | qazxsw123 | 372 |
| 46 | iloveyou | 369 |
| 47 | imgur123 | 351 |
| 48 | superman | 341 |
| 49 | qwertyuiop | 340 |
| 50 | asdfghjkl | 324 |
| 51 | qwe123 | 324 |
| 52 | whatever | 319 |
| 53 | gishwhes | 317 |
| 54 | liufang | 316 |
| 55 | 123123123 | 315 |
| 56 | asd123 | 312 |
| 57 | 159753 | 311 |
| 58 | welcome123 | 309 |
| 59 | qazwsx | 308 |
| 60 | 666666 | 307 |
| 61 | abcd1234 | 304 |
| 62 | minecraft | 304 |
| 63 | 1q2w3e | 303 |
| 64 | aaaaaa | 302 |
| 65 | 286 | |
| 66 | football | 283 |
| 67 | haejin26 | 271 |
| 68 | zxcvbnm | 270 |
| 69 | fuckoff | 268 |
| 70 | qwer1234 | 266 |
| 71 | 12qwaszx | 263 |
| 72 | 112233 | 262 |
| 73 | killer | 262 |
| 74 | q1w2e3r4 | 262 |
| 75 | sunshine | 254 |
| 76 | pepper | 250 |
| 77 | pokemon1 | 250 |
| 78 | thispass123 | 248 |
| 79 | hello123 | 247 |
| 80 | chicken | 243 |
| 81 | charlie | 242 |
| 82 | asdfgh | 237 |
| 83 | hahaha | 234 |
| 84 | home12345 | 234 |
| 85 | password123 | 234 |
| 86 | 654321 | 233 |
| 87 | dilza123 | 232 |
| 88 | master | 232 |
| 89 | nintendo | 226 |
| 90 | computer | 222 |
| 91 | ginger | 222 |
| 92 | 123qweasd | 220 |
| 93 | 220 | |
| 94 | blahblah | 218 |
| 95 | cookie | 218 |
| 96 | qwe123qwe | 218 |
| 97 | Password1 | 217 |
| 98 | 121212 | 214 |
| 99 | 1123581321 | 213 |
| 100 | imgurimgur | 211 |
The password list is pretty ordinary, but there are a few unusual passwords – most notably, “omega85“, “jxdlza99“, “blink182“, “phongvan84“, “imgur123“, “gishwhes“, “haejin26“, “1123581321” and “imgurimgur“.
Here’s an analysis of passwords that begin with letters:
| # | The letter the password begins with | User count |
|---|---|---|
| 1 | a | 87,305 |
| 2 | b | 89,772 |
| 3 | c | 87,269 |
| 4 | d | 66,923 |
| 5 | e | 29,598 |
| 6 | f | 51,995 |
| 7 | g | 49,520 |
| 8 | h | 51,439 |
| 9 | i | 44,605 |
| 10 | j | 49,902 |
| 11 | k | 46,970 |
| 12 | l | 60,784 |
| 13 | m | 103,853 |
| 14 | n | 40,190 |
| 15 | o | 23,858 |
| 16 | p | 86,118 |
| 17 | q | 16,637 |
| 18 | r | 54,146 |
| 19 | s | 133,328 |
| 20 | t | 66,648 |
| 21 | u | 7,814 |
| 22 | v | 16,256 |
| 23 | w | 36,213 |
| 24 | x | 5,279 |
| 25 | y | 12,599 |
| 26 | z | 13,279 |
We can also take a look at passwords that begin with numbers:
| Number that the password begins with | User count |
|---|---|
| 0 | 23,683 |
| 1 | 97,499 |
| 2 | 32,115 |
| 3 | 16,495 |
| 4 | 12,449 |
| 5 | 11,894 |
| 6 | 10,735 |
| 7 | 11,798 |
| 8 | 12,318 |
| 9 | 15,098 |
We can see that:
Even though the imgur data breach is relatively small compared to a lot of the bigger ones, it goes to show that hackers target all kinds of websites – at first glance, imgur did not seem like a likely target, but with imgur being one of the world’s largest image-sharing communities certainly attracts some hacker attention. Kudos to the imgur team for disclosing the breach as soon as they learned from it – this is how data breach disclosure should be done.
There have been rumors about a data breach targeting Schneider Electric. Did a data breach…
There have been rumors about the Fiskars Group – the company behind Fiskars scissors and…
Russia has fined Google more than two undecillion roubles because Google has refused to pay…
Why does RockYou 2024.txt look like a binary file when you open it up? Find…
Duolicious is a dating app that connects people who are “chronically online.” Did the Duolicious…
This blog will tell you what RockYou 2024 is, how RockYou 2024.txt came to be,…