Ο ανεξάρτητος ερευνητής ασφαλείας Troy Hunt αποκάλυψε σήμερα ότι εντόπισε μια βάση δεδομένων που περιέχει 65.469.298 e-mail και κατακερματισμένους (hashed και salted) κωδικούς accessand belong to Tumblr users.
The researcher identified the data on the Dark Web Real Deal market where a hacker named Peace (also known as Peace_of_mind) sells it for 0.4255 Bitcoin (or 225 dollars).
Ο ερευνητής αναφέρει ότι οι κωδικοί πρόσβασης που συμπεριλαμβάνονται στη βάση δεδομένα φαίνεται να είναι hashed και salted, που σημαίνει ότι είναι πολύ πιο safe σε σύγκριση με την κατάσταση στην οποία αποθηκεύονταν οι κωδικοί πρόσβασης από το LinkedIn και το MySpace (μόνο με encryption SHA1), and the LeakedSource team managed to crack most of them.
Tumblr hasn't made an official announcement yet, but the blogging Yahoo's platform has announced since May 12 about a possible data breach.
Then, the Tumblr team revealed that someone alerted them to a possible data violation that became 2013 before Yahoo even bought the platform.
Tumblr's team did not reveal the number of affected users, but they said that they had begun a password reset process.
The latest Tumblr statistics reveal that the platform has about 550 million users, which means that one-eighth of all site accounts have leaked.
Troy Hunt has created the online service Have I've Been Pwned, where users can search a huge database to see if their details have been leaked.
The Peace hacker who sells data is the same person who sold MySpace, LinkedIn, and other online services such as Fling.com and the Linux Mint forum.