Popular image-sharing site, We Heart It, disclosed a data breach where eight million accounts have reportedly had their emails and passwords stolen.
Although only recently discovered, the breach is reported to have happened five years ago for accounts created between 2008 and November 2013.
Email addresses, usernames and encrypted passwords are thought to have been compromised. The company also admitted that, although encrypted, the passwords were unfortunately not secured.
The company which has more than 40 million users as of December 2015 released a statement about the breach, noting that no evidence of unauthorised behaviour or wrongdoing was found in its initial investigations. We Heart It blamed “advancements in computer hardware” as opposed to outdated security for the reason behind the breach.
We Heart it has consequently taken steps to encrypt current users’ passwords with additional encryption and are alerting victims of the breach by email so they are aware of the risks posed. Sadly, given the breach was from several years ago, cyber-criminals who copied or stole the exposed information may have already misused it a long time ago.
Account holders are being asked to change their passwords if it is the same one from 2013, as well as updating their login details for any other sites they use the same email and password combo for. Cyber-criminals are known to steal login information and try them on various sites, knowing that users often use the same credentials for a variety of accounts.
We Heart It has not proactively reset user’s passwords for them and has instead left that responsibility for the user, which is a questionable approach to take…
The image-sharing site – similar to Instagram, Tumblr and Pinterest – allows users to save images and quotes or upload their own. To do this, users often need to allow the apps access to their phone memory and photobook. This can create a fresh set of problems as smart phones now contain an incredible amount of personal information. Apps that aren’t properly protected and are compromised may be used to spread malware onto a phone or may be vulnerable to data being stolen.