[BreachExchange] We Heart It says a data breach affected over 8 million accounts, included emails and passwords

Inga Goddijn inga at riskbasedsecurity.com
Mon Oct 16 20:38:12 EDT 2017


https://techcrunch.com/2017/10/16/we-heart-it-says-a-data-breach-affected-over-8-million-accounts-included-emails-and-passwords/

We Heart It, an image-sharing site used by 40 million teens as of a couple
of years ago, is informing users their personal data may have been
compromised. The company was alerted to a possible security breach last
week that involved over 8 million accounts, it said on Friday. The breach
took place a few years ago and includes email addresses, usernames and
encrypted passwords for We Heart It accounts created between 2008 and
November 2013.

Although the passwords were encrypted, they are not secure, the company
notes.

“…the encryption algorithms commonly used to encrypt passwords in 2013 are
no longer secure due to advancements in computer hardware,” reads a We
Heart It blog post detailing their findings.

The company adds that, since that time, it has made improvements to its
systems, security protocols, password security and its database.

It has also taken the immediate step to encrypt all current users’
passwords with additional encryption using the secure bcrypt algorithm.
This process was still underway at the time of the announcement.

Over the weekend, We Heart It sent out emails to affected users to alert
them to the breach.

Users are being asked to change their password if it has not been updated
since 2013, as well as change that password on any other site where it’s
been re-used.

Unfortunately, the company did not proactively reset users’ passwords on
their behalf, as many companies do following a security breach involving
account information.

However, We Heart It says that it has not found any evidence of
unauthorized logins or wrongdoing at this time.