Tumblr hack affected 65.5 million users

Micro-blogging site seeks to reassure users after massive breach revealed

Tumblr has suffered a hacking attack that saw cyber criminals make off with the account data of a reported 65.5 million users.

The information, which includes email addresses and encrypted passwords, was "from 2013" according to a blog post by the Tumblr team.

While the blog post does not state when exactly the attack took place, Troy Hunt, who runs the site Have I Been Pwned?, claims the data was exfiltrated on 28 February.

The blog post also does not reveal how many users have been affected, describing it simply as "a set". However, according to Hunt's information, the number is just under 65.5 million.

Furthermore, the data received by Hunt would also indicate that many of the accounts were deactivated at the time of the attack, as the email addresses begin with "deactivated" followed by a date before the email address proper. This is backed up by certain members of his mailing list being surprised to learn their data was included in the stolen information, as they thought they had "deleted" their account before the hack happened.

Steph Locke, lead data scientist at CensorNet, told IT Pro: "The steady stream of database 'mega breaches' piled on top of smaller breaches from a variety of small and large companies continues to prove that every organisation is a target of cybercrime.

"It now becomes a question of how the stolen credentials will be, or have already been, used for nefarious purposes. With this breach being noted three years after [it] occurred, there has already been substantial opportunity for focussed attacks. Once the high-value targets have been hit, I expect we'll see a more 'all and sundry' approach - using the database for a mass spam / phishing campaign."

"Either way, people who use Tumblr should be extremely vigilant of emails received relating to Tumblr in the coming months," Locke cautioned.

IT Pro contacted Tumblr for comment regarding the volume of data stolen and related information produced by Hunt, but had not received a response at the time of publication.
