In the last few weeks there have been releases of some very high profile database breaches, linkedin, myspace and now tumblr.
All of these sites have been hit with hacks, and resulted in massive data breaches, yet these hacks are only now coming to the surface.
Tumblr has now confirmed it was hacked in a data breach from 2013, which affected a set of users “Email addresses and Passwords”, but Tumblr has refused to reveal how many people were affected. With the release of the data, for sale on The Real Deal darknet marketplace, it has now been confirmed that there are 65 Million records available.
Have i Been pwned has obtained a copy of the stolen data set, allowing people to check if their accounts have been breached. Records show that there are currently 65,469,298 unique emails and passwords.
Tumblr has at least done one thing correctly, the passwords were both hashed and salted. Salting is adding additional random bytes at the end of the password, this makes reverse hashing much harder, even when using the weak encryption of SHA1.
The hacker with