The online image sharing website We Heart It told its members late last week that more than 8 million of its accounts were compromised in a data breach that took place four years ago.
The social media site said in a press statement that any member who created an account between 2008 and 2013 needs to change their password for We Heart It and any other site it might also be used to access. Although We Heart It did not say exactly when the breach occurred it did say that it was notified on October 11 that at some point several years ago its system had been compromised and member information including email addresses, usernames, and encrypted passwords were leaked.
We Heart it said the exposed passwords were encrypted, but warned that the algorithm technology used at that time is no longer secure.
“Since 2013 we have made significant upgrades and improvements to our systems, security protocols, password security, and database. Additionally, we have taken immediate action to further protect all We Heart It account passwords with additional encryption using the secure bcrypt algorithm. We are in the process of updating all user passwords with this additional encryption as expeditiously as possible,” the company said.
We Hear It has not yet answered an SC Media request regarding how and when the breach occurred.