In November 2017, the online image-sharing community received a notification about a possible data breach from 2014. Troy Hunt, the owner of the website Have I Been Pwned, reached out to the company's COO on 23rd November 2017 to inform him that he had received data that seemed to include the emails and passwords of the company's users.
The company investigated quickly, and by the next morning, had discovered 1.7 million users from 2014 had indeed had their email addresses and passwords stolen. The company confirmed that they never ask for real names, addresses, phone numbers, or other personally identifiable information (“PII”), so the information that was compromised did not include such PII.
The company acted quickly in their incident response, contacting affected users by 24th November and publicly disclosing the breach on their website that same day.
In March 2018, the hacker was jailed.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: