Tumblr Security Breach from 2013 Exposed 65 Million User Credentials: Report

Yahoo-owned blogging platform Tumblr announced earlier this month that a 2013 security breach had revealed user email addresses and passwords, but did not disclose how many users the breach impacted. Now a security researcher has pegged that number at more than 65 million.

According to security researcher Troy Hunt, in an interview with Motherboard, the exposed dataset included 65,469,298 unique emails and passwords. Tumblr has not confirmed the data.

SEE ALSO: Security Fears Prompt House to Block Google, Yahoo Cloud Services

On May 12, Tumblr told users that it “recently learned that a third party had obtained access to a set of Tumblr user email addresses…from early 2013, prior to the acquisition of Tumblr by Yahoo” — perhaps an important clarification as Yahoo undergoes a strategic review to sell off its core business.

“Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” Tumblr said. “As a precaution, however, we will be requiring affected Tumblr users to set a new password.”

Hunt said that the Tumblr security breach is part of a pattern of massive breaches recently that have come to light years after they happened, referring to the LinkedIn breach that happened in 2012; “[t]his data has been lying dormant (or at least out of public sight) for long periods of time,” he said.

According to the report, because the passwords were hashed and salted, they are “very hard for hackers to crack.” The hacker selling the dataset on the dark web was only able to get $150 for it because the data was “essentially just a list of emails.”

Source: TheWHIR