Tumblr Was Hacked — Years Ago

Hi guys,

Tumblr recently revealed  that a data breach had affected  “a set” of users’ email addresses and passwords, in a 2013 data breach.  The company did not give a figure of how many were affected but independent studies have shown that about 65 million were affected.

The owner of the awareness portal ‘Have I been Pwned’  Troy Hunt recently obtained a copy of the stolen data set. According to him, 65,469,298 unique emails and passwords were released. However, the passwords were hashed and were not in plaintext. Tumblr did not mention what algorithm was used to hash the passwords. Since this was announced the data has been circulating in the underground internet.

A hacker going by the name Peace, has also claimed to have the data and was selling it on the darknet marketplace – The Real Deal. Peace  has told that the data was essentially just a list of emails, and he was only able to sell it for $150.

Hunt said that there is still a chance that the passwords could have been cracked given the age of the breach and the lack of security in the website.

This data breach is now listed on Have I Been Pwned as the third largest ever. Tumblr forced users to reset passwords after announcing the breach.

What’s interesting is that years-old breaches are emerging in the last couple of weeks- including LinkedIn and MySpace. Everyone gets hacked and sometimes you don’t find out for years.

Hunt wrote in a post “This data is lying dormant (or at least out of public sight) for long periods of time,”

“If this indeed is a trend, where does it end? What more is in store that we haven’t already seen?” Hunt wrote. “And for that matter, even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the ‘mega’ [breach] category that are simply sitting there in the clutches of various unknown parties?“

Source: Akati

Comments are closed.