Revealed: 65 million Pre-Yahoo Acquisition Tumblr Accounts Were Hacked

Tumblr said 65 million Tumblr accounts were hacked, but don’t worry: this was in 2013, before Yahoo took over the platform!

Tumblr recently revealed that it had discovered a breach of its systems that affected user accounts and their passwords. The company said the hack happened back in 2013 but was only recently discovered. It also refused to give figures for how many of its users had been affected. However, security researchers have done an independent analysis, and it appears the number actually stands at 68 million.

Atar Kochavi, a cyber intelligence and Darknet expert for Hacked-DB, recently got hold of the security breach data. Kochavi told HackRead that the number of hacked accounts stood at 65,469,298. When contacted for confirmation of the figure, Tumblr refused to comment.

If you were among the targeted users, you should have received an alert email from Tumblr.

Fortunately, the passwords contained in the data leak are not in plain text but are hashed, meaning each password has been run through a one-way function that turns it into a fixed-length string of seemingly random characters. When Tumblr disclosed details of the breach, it said it had also added a number of additional bytes to the end of each password before hashing it. The company did not, however, reveal which hashing algorithm it used.

Since Tumblr’s announcement of the data breach, the information appears to have been circulating on underground Internet markets. A hacker known as Peace, who is also known for the LinkedIn hack, said he had the data from the Tumblr breach and was selling it on a dark web market. He also said that Tumblr had used the SHA1 algorithm to hash its passwords. A further advantage of Tumblr’s approach is that the passwords were also salted, which makes it hard for attackers to work through the list and crack them easily.
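The storage scheme described above, shown next to a hardened form, as an added example that is not code from Tumblr or from the original article. The salt length, the PBKDF2 iteration count, the function names and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SALT_LEN = 16         # assumption: the article does not state the salt length
PBKDF2_ITERS = 600_000  # assumption: work factor chosen for this example


def sha1_salted(password: str, salt: bytes) -> str:
    """Legacy scheme as the article describes it: SHA1(password || salt)."""
    return hashlib.sha1(password.encode("utf-8") + salt).hexdigest()


def pbkdf2_salted(password: str, salt: bytes) -> str:
    """Hardened form: same per-user salt, deliberately slow key derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERS).hex()


def new_record(password: str, scheme=pbkdf2_salted) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt.hex(), "hash": scheme(password, salt)}


def verify(password: str, record: dict, scheme=pbkdf2_salted) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = scheme(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample, shared by two users
    plain = hashlib.sha1(pw.encode("utf-8")).hexdigest()
    user_a = new_record(pw, sha1_salted)
    user_b = new_record(pw, sha1_salted)
    strong = new_record(pw)
    return {
        # Without a salt, equal passwords always produce the same digest.
        "unsalted_identical": plain == hashlib.sha1(pw.encode("utf-8")).hexdigest(),
        # With per-user salts, equal passwords no longer share a digest.
        "salted_differ": user_a["hash"] != user_b["hash"],
        "legacy_verifies": verify(pw, user_a, sha1_salted),
        "hardened_verifies": verify(pw, strong),
        "wrong_password_rejected": not verify("wrong password", strong),
    }


if __name__ == "__main__":
    print(demo())
```

The salt stops identical passwords from sharing a digest, but a single SHA1 call is cheap to compute, so the slow derivation function is what raises the cost of each guess.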

Peace said that the database he had was only a set of passwords and that he could sell it for only $150. Kochavi also suggests that the length of time between the hack and its disclosure means the passwords will be easy to crack, since passwords in 2013 were not as strong as they are now.

Kochavi listed the hack as the third biggest ever, after that of, which affected 427 million accounts and that of Adobe, which affected about 152 million accounts. Hacked-DB shows data for all those who might have been affected by the data breach, but that is a secondary source, since Tumblr emailed affected users to reset their passwords after announcing the breach.

A LinkedIn breach dating back a few years was discovered earlier this month, together with another at MySpace, which was also revealed this month. Whether there will be more revelations of data that was stolen long ago is unknown, but as we are seeing, anyone can be hacked, and the information can take time to come out.

If this trend of hacked accounts being revealed years later continues, where will it end? And if it continues, which other social media accounts or networks have been affected that we still don’t know about? And in any case, if the releases are all purely coincidental, when do they stop?

Esther Vargas/Tumblr