Massive Hack into Tumblr Impacts 65.4m Users

Personal information of innumerable people accessing Tumblr the social media website was posted on the Dark Web for sale, only after weeks when LinkedIn the business networking website was revealed to have encountered one likewise hack.

Within both instances, several years back, hackers stole the login details; however, it became evident only recently: over 167 LinkedIn IDs got seized during 2012 that was discovered in April 2016 when the details were posted to one Russia-based hacker forum.

Among the details, the passwords were "hashed" rather than being in plaintext, so they appeared as a separate series of digits. There were also random bytes in a sequence suffixed to the passwords prior to making them hashed, in other words before 'salting' them. Also, it wasn't specifically stated what algorithm was utilized for creating the hashed passwords. Motherboard.vice.com posted this, May 26, 2016.

Comprising of passwords and e-mail addresses, the database had the passwords highly secured since Tumblr had hashed/salted them, thus making it virtually impossible for retrieving them to a condition of usability. Ever-since they've been put on sale on The Real Deal a Dark Web marketplace. Each password costs merely $150, says Lorenzo Franceschi-Bicchierai of Motherboard.

On May 12, Tumblr stated that immediately when they became aware about the theft and sale, their security team probed into the incident thoroughly. Their analysis didn't give any reason for believing the data was utilized for reaching accounts on Tumblr. Nonetheless, to continue to remain safe, it would be good if Tumblr accountholders reset their passwords, the company cautioned.

Tumblr's security team did not disclose how many users were affected, however, stated that they were beginning certain process of password reset intended for the affected users.

The most recent statistics on Tumblr accountholders show that the website hosts some 550m users implying that only more than one-eighth of entire user-base is affected.

An online service called "Have I've Been Pwned" accountable to Troy Hunt lets users to scan information databases obtained from public hacks. According to Hunt, he included into that database the stolen Tumblr data so people can now scan to know whether their particulars had been leaked.

» SPAMfighter News - 6/6/2016