Trigger warning: 65.5m hacked Tumblr records hit the dark web
The social justice warriors and “other kin” who use the Yahoo, Inc.-owned blogging site Tumblr have been pwned, with a hacker releasing stolen records, including usernames and passwords, on the dark web.
News of a potential hack of Tumblr first emerged in mid-May when Yahoo confirmed the site had been hacked, but the hack itself had taken place in 2013, prior to Yahoo acquiring the service.
What wasn’t previously known was exactly how many records were accessed, but a new report from data breach awareness site Have I Been Pwned puts the figure at 65,469,298 email addresses and passwords.
There is some contention, however, as to the quality of the data and how accessible it is.
According to Hackread, the passwords contained in the data leak are not in plain text but are hashed, meaning each password has been run through a one-way function that outputs a seemingly random string of characters; further, it’s claimed Tumblr used the SHA1 method to hash its passwords along with salting them, making it hard for hackers to go through the passwords and crack them easily.
IT Pro notes that the data appears to include many accounts that were deactivated at the time of the attack, as the email addresses begin with “deactivated” followed by a date before the email address proper; even if the passwords in these cases were cracked, they would not be able to be used to access Tumblr.
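How a site holding salted SHA1 password hashes like those described above could re-protect them in bulk after a breach, as an added example that is not code from Tumblr or from the article. The salt-prepended construction, the PBKDF2 work factor and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_hash(password: str, salt: bytes) -> bytes:
    # Assumption: the salt is prepended to the password. The article does
    # not say how the two were combined.
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def wrap_legacy(sha1_digest: bytes, wrap_salt: bytes) -> bytes:
    # Run a slow KDF over the stored digest, so existing records can be
    # upgraded without knowing any plaintext password.
    return hashlib.pbkdf2_hmac("sha256", sha1_digest, wrap_salt, PBKDF2_ITERATIONS)


def upgrade(legacy_record: dict) -> dict:
    # Replace the fast SHA1 digest with its slow-KDF wrapping.
    wrap_salt = os.urandom(16)
    return {
        "salt": legacy_record["salt"],
        "wrap_salt": wrap_salt,
        "hash": wrap_legacy(legacy_record["sha1"], wrap_salt),
    }


def verify(password: str, record: dict) -> bool:
    # Recompute both layers and compare in constant time.
    candidate = wrap_legacy(legacy_hash(password, record["salt"]), record["wrap_salt"])
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    # Constructed sample data: two accounts that chose the same password.
    password = "correct horse battery staple"
    legacy = [{"salt": os.urandom(16)} for _ in range(2)]
    for rec in legacy:
        rec["sha1"] = legacy_hash(password, rec["salt"])
    upgraded = [upgrade(rec) for rec in legacy]
    return {
        "salted_digests_differ": legacy[0]["sha1"] != legacy[1]["sha1"],
        "right_password_ok": all(verify(password, r) for r in upgraded),
        "wrong_password_rejected": not verify("hunter2", upgraded[0]),
    }


if __name__ == "__main__":
    print(demo())
```

The per-account salt is why two users with the same password end up with different stored digests; the wrapping step adds the per-guess cost that a single SHA1 pass lacks.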
Expert view
While we always preach practicing safe internet, SiliconANGLE spoke to Mike Raggo, Chief Research Scientist at social media security company ZeroFOX, Inc. about the Tumblr hack, and the hack of MySpace, which is believed to have been undertaken by the same hacker.
“As these accounts are compromised, users of these platforms can expect phishing campaigns to follow as a method of exploiting additional accounts or targeting other data on the computers and mobile devices used to access those accounts,” Raggo explained.
“Users should not only reset their passwords using strong passwords as well as two-factor authentication when possible, but be particularly watchful of reviewing a social media link before you click on it to avoid being a victim of further attacks. This might also be a good time to revisit your bio and reconsider how much personal information you share such as your birthdate, home address, phone number, and more.”
Presuming the numbers are correct, the Tumblr hack is now the third largest recorded, behind Adobe with 152 million accounts, and MySpace on 427 million.