October 13, 2017
We Heart It Members,
On October 11, 2017, we were alerted to a possible security breach involving account information for over 8 million accounts that had occurred several years ago. We immediately began an investigation to verify the information and are writing this post to inform the community of our findings to date, and the immediate actions we are taking to further protect your data.
So far we know that information from our user account database was leaked, and that information includes email addresses, usernames, and encrypted passwords for We Heart It accounts created between 2008 and November 2013. At this time we have found no evidence of unauthorized logins or wrongdoing. However, the encryption algorithms commonly used to encrypt passwords in 2013 are no longer secure due to advancements in computer hardware.
Since 2013 we have made significant upgrades and improvements to our systems, security protocols, password security, and database. Additionally, we have taken immediate action to further protect all We Heart It account passwords with additional encryption using the secure bcrypt algorithm. We are in the process of updating all user passwords with this additional encryption as expeditiously as possible.
We are also contacting by email all users affected by the breach to inform them of the situation. We strongly recommend that you change your We Heart It password if it has not been updated since 2013. Additionally, if that password was used in any other services, we strongly recommend that you also immediately update your password in those services as well.
We would like to apologize to all of our users who were affected by this breach. We will continue to investigate this incident, and will update this post as and if further relevant information comes to light.
Thank you to Troy Hunt for initially alerting us of this.
Team We Heart It