More than 65 Million Tumblr Emails Being Sold on the Dark Net after Leak

We reported a little while ago on the Tumblr hack from three years ago. A database of email addresses and salted passwords were taken and Tumblr started getting some users to change their passwords. That caused a lot of problems for some users, but Tumblr had at least reported that none of the accounts had been accessed. It now turns out that this is because the database is being sold on the dark net along with an old MySpace database.

Most of the time if someone wants emails and passwords, they'll just take them. They aren't likely to pick up a database and then try to get money from selling it. Tumblr claims that because the passwords are salted and hashed that it should be okay, but there are other people pointing out that having your email could be bad enough. Passwords can be guessed after all and some are more secure than others. So if you made your account as a teenager and used a personal email address that you still use now, you should probably keep an eye on it. Tumblr might have informed some people, but there is actually a site where you can check email addresses to see if they are at risk on hacked sites. The site is run by a security researcher who is going through as many accounts as possible and checking them. One of mine was at risk, the one with my most common email address so I immediately went and changed my password. Even without Tumblr's suggestion. I'm pretty sure I'd changed my password sometime more recently between now and 2013 anyway but I wasn't going to risk it and you shouldn't either.

This breach is being considered a historical mega breach. The database has not been sold yet so either no one wants it, or it's only recently been put up for sale online. There aren't many examples of this kind of breach and you can't even really tell if they were smart moves by the hackers. The fact that no one has tried once since suggests that this is either a long game, or it doesn't really work. Who would want to pay money for a bunch of email addresses and passwords that they may or may not be able to use?

There's not much information on this right now, outside of what we already know, so if you have an older Tumblr account it's probably best to see what email it's attached to and go from there. Some people might suggest signing up using burner emails that disappear, but the fact is, when you then need to change your password, you can't change it. Things like this happen rarely so all you can do is use varied passwords and keep an eye on tech news.

Post a comment


Author Name

Free Gift

Free Gift
Get immediate access to our in depth video training on the click by click steps required to get your successful online business started today

Contact form


Email *

Message *

Powered by Blogger.