Imgur recently learned a breach that may have compromised the security of about 1.7 million of their users. The company released the details on the morning of Nov. 24, immediately after the breach was discovered.

On Thanksgiving afternoon, Nov. 23, security researcher Troy Hunt received information that may have been stolen from the popular image-sharing platform. When Hunt suspected that the data sent to him contained information regarding Imgur users, he immediately informed the company's chief operating officer Roy Sehgal via email.

Hunt and Sehgal's continued correspondence confirmed that the data was indeed stolen from the company and a statement was prepared to notify the users of the attack. The said statement was posted on Imgur's official blog the morning after.

According to the company, while they learned of the breach only as recently as last week, the database was hacked sometime in 2014.

They did not know how exactly the hackers accessed the data, but they have a working theory. Back then, the site was still using an algorithm called Secure Hash Algorithm 256 (SHA-256) to encrypt passwords. Hackers may have used a brute force method to break through this encryption.

That said, the company assured its users by saying that they do not use SHA-256 anymore. They upgraded the security to bcrypt algorithm sometime last year.

The company stated that hackers obtained roughly 1.7 million user emails and passwords due to the breach. Fortunately, Imgur has never asked for real names, phone numbers, and addresses when people sign up for an account.

Still, a security breach is no small matter and the company still advised its users to be more cautious when creating accounts for different platforms. They asked users to create strong passwords. On top of that, they suggested that people use different email and password combinations for every site.