What Happened
In November 2013, the image-sharing social network We Heart It suffered a data breach affecting approximately 8.6 million accounts, which went undiscovered until October 2017 when the company was alerted and the data surfaced publicly. The exposed information included email addresses, usernames, and encrypted passwords (primarily salted SHA-256 hashes for 80% of accounts and unsalted MD5 for the rest) for accounts created between 2008 and November 2013; while encrypted, these passwords used outdated algorithms vulnerable to modern computing power. Specific hacking methods were not disclosed, but the breach likely stemmed from weak encryption practices at the time, prompting We Heart It to later upgrade its systems, add bcrypt encryption to all passwords, notify affected users, and advise password changes on the site and any reused elsewhere.
