Cyber Incident Victim: We Heart It
Date: Oct 2017
Location: United States of America
Summary
A data breach at We Heart It compromised over 8 million accounts, exposing email addresses, usernames, and encrypted passwords from accounts created during a specific historical period. The company acknowledged that the encryption methods used at the time were no longer secure due to technological advancements, though no unauthorized account access was detected. Following the discovery, security enhancements were implemented, including migrating current user passwords to the bcrypt algorithm. Affected users received notifications advising password changes, particularly for credentials reused elsewhere, though the platform did not enforce mandatory resets. The incident highlights risks associated with legacy data from previously used services.
Description
We Heart It, an image-sharing platform popular among teenagers and young adults, experienced a data breach affecting over 8 million user accounts. The incident occurred several years prior to its discovery in October 2017, specifically impacting accounts created between 2008 and November 2013. Compromised information included email addresses, usernames, and encrypted passwords stored during that timeframe. The company acknowledged that while passwords were encrypted using standard algorithms of that era, technological advancements had rendered these encryption methods insecure by 2017 standards. We Heart It became aware of the potential breach through external alerts received the week preceding October 16, 2017, prompting an internal investigation. The platform confirmed the breach's historical nature but found no evidence of subsequent unauthorized account access or malicious activity following the initial compromise.

Upon confirming the breach, We Heart It initiated response measures including direct email notifications sent to affected users over the weekend of October 14-15, 2017. The company implemented immediate security enhancements by upgrading password encryption for current users to the bcrypt algorithm, though this process remained ongoing at the time of public disclosure. While advising users to change passwords—particularly those unchanged since 2013 or reused across multiple services—the platform did not force password resets proactively. We Heart It cited prior security improvements made since 2013, including database and protocol upgrades, as part of its post-breach mitigation strategy. The breach primarily affected a demographic of users aged 15-24, with most accessing the service through mobile applications. At the time of disclosure, We Heart It operated both its primary image-sharing platform and a secondary app called Easel, though neither application ranked among top social networking services in major app stores.
