Teen image sharing site We Heart It reveals historic security breach affecting over 8 million accounts
We Heart It -- the image sharing service used by at least 40 million teenagers -- suffered a "possible security breach" several years ago. The breach affects more than 8 million accounts that were created between 2008 and November 2013.
Although this is a historic data breach, in which information from the user account database was leaked, We Heart It was only notified about it on October 11. The company says that email addresses, usernames, and encrypted passwords were accessed, and it recommends that users now change their passwords as they are not secure.
We Heart It explains that advancements in technology mean that the algorithms used to encrypt passwords back in 2013 are no longer secure. Unrelated to the security breach, the company says that it has made improvements to its "systems, security protocols, password security, and database," and now uses the more secure bcrypt algorithm.
In an announcement on its website, We Heart It says:
We are in the process of updating all user passwords with this additional encryption as expeditiously as possible.
We are also contacting by email all users affected by the breach to inform them of the situation. We strongly recommend that you change your We Heart It password if it has not been updated since 2013. Additionally, if that password was used in any other services, we strongly recommend that you also immediately update your password in those services as well.
Users of the service have been notified about the security breach via email, but We Heart It says that it has no evidence of any accounts being accessed without authorization.