Hackers stole around 65 million passwords from Tumblr users in 2013, but the breach has only just been revealed.
The popular micro-blogging network announced earlier this month that it had only just become aware of a hack in 2013 but did not disclose any further information. After an independent analysis was conducted by security researcher Troy Hunt, it has now been revealed that 65,469,298 user emails and passwords were victim to the cyber-attack.
“We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo,” wrote Tumblr in a statement on May 12th.
“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” it continues. “As a precaution, however, we will be requiring affected Tumblr users to set a new password.”
A hacker known as “Peace of Mind” was found to be selling the data on an underground internet marketplace, but claimed he could only reach $150 of sales due to the password encryption rendering it nearly impossible to crack.
With the passwords both “hashed” and “salted,” the data was only worth the emails that were included, but those emails included in the leak will now be more susceptible to spam and fraudulent emails.