Microblogging platform and social media network, Tumblr was hacked 3 years ago, but the company just discovered it now. The breached data which contained email addresses and passwords for its users was seen on the underground Internet market.
Troy Hunt, a security researcher, recently got hold of the security breach data. He is well known as the security researcher who is in control of the awareness portal Have I Been Pwned. Hunt told reporters that the number of hacked accounts stood at 65,469,298. When contacted for confirmation of the figure, Tumblr refused to comment.
Troy Hunt’s portal Have I Been Pwned, listed the hack as the third biggest ever, after that of LinkedIn, which affected 164 million accounts and that of Adobe, which affected about 152 million accounts. The Hunt owned website could be used to check if your Tumblr account was hacked though it would only act as a secondary source of the information since, Tumblr itself already notified affected users of the hack when they disclosed the hack to the world. The company told its clients to reset all their passwords so that the information on the data breach would be of no use.
A hacker known as Peace is thought to be in control of the data and is selling it on the underground market. He said the data had in it passwords which had been encrypted by the SHA 1 method, but the company refused to say which of the methods they had used to encrypt the passwords. The company also put an extra layer of protection by salting the passwords, which means that it would make it impossible for the hackers to crack the codes for the passwords.
Peace said that the passwords could only be sold as a listing, and he was selling them for $150.
The number of data breaches which have been revealed this month but date back a few years back is increasing with each passing day. Hunt wrote in a blog post that the data has been lying dormant and out of sight for a long time.
A LinkedIn breach was discovered earlier this month which dated back a few years back, together with another one of MySpace, which was also revealed this month. Both of the hacks were said to be available in the underground Internet market and being sold by Peace too. How he manages to get hold of these data breaches is incomprehensible.