"We are in the process of updating all user passwords with this additional encryption as expeditiously as possible."
The company is currently contacting all affected users via email and has advised them to change their We Heart It password if it has not been updated since 2013. It also recommended that users update their passwords on other platforms and services if they happen to use the same login credentials across different sites.
"We would like to apologise to all of our users who were affected by this breach," the We Heart It team said. "We will continue to investigate this incident, and will update this post as and if further relevant information comes to light."
According to Hunt, 55% of the email addresses compromised in the breach were already in Have I Been Pwned's database.
New breach: We Heart It had a breach in 2013 which exposed 8.6M accounts. 55% were already in@haveibeenpwned. More:https://t.co/WjZC880jai— Have I been pwned? (@haveibeenpwned)October 14, 2017