Independent security researcher Troy Hunt revealed today that he has identified one base δεδομένων που περιέχει 65.469.298 e-mail και κατακερματισμένους (hashed και salted) κωδικούς accessand belong to Tumblr users.
The researcher identified the data on the Dark Web Real Deal market where a hacker named Peace (also known as Peace_of_mind) sells it for 0.4255 Bitcoin (or 225 dollars).
The researcher reports that the passwords που συμπεριλαμβάνονται στη βάση δεδομένα φαίνεται να είναι hashed και salted, που σημαίνει ότι είναι πολύ πιο ασφαλή σε σύγκριση με την κατάσταση στην οποία αποθηκεύονταν οι κωδικοί πρόσβασης από το LinkedIn και το MySpace (μόνο με κρυπτογράφηση SHA1), και η team of LeakedSource managed to crack most of them.
Tumblr has not released any official announcement yet, but Yahoo's blogging platform has announced from 12 May a possible data breach.
Then, the Tumblr team revealed that someone alerted them to a possible data violation that became 2013 before Yahoo even bought the platform.
The Tumblr team didn't reveal the number of users affected, but said they had started one procedure resetting passwords.
The latest Tumblr statistics reveal that the platform has about 550 million users, which means that one-eighth of all site accounts have leaked.
Troy Hunt has created the online service Have I've Been Pwned, where users can search a huge database to see if their details have been leaked.
The Peace hacker who sells data is the same person who sold MySpace, LinkedIn, and other online services such as Fling.com and the Linux Mint forum.