In November 2017, the online image-sharing community received a notification about a possible data breach from 2014. Troy Hunt, the owner of the website Have I Been Pwned, reached out to the company's COO on 23rd November 2017 to inform him that he had received data that seemed to include the emails and passwords of the company's users.
The company investigated quickly, and by the next morning, had discovered 1.7 million users from 2014 had indeed had their email addresses and passwords stolen. The company confirmed that they never ask for real names, addresses, phone numbers, or other personally identifiable information (“PII”), so the information that was compromised did not include such PII.
The company acted quickly in their incident response, contacting affected users by 24th November and publicly disclosing the breach on their website that same day.
In March 2018, the hacker was jailed.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.