More than 65 million Tumblr passwords leaked to hackers

by Ivan Jenic
Ivan Jenic
Ivan Jenic
Troubleshooting Expert
Passionate about all elements related to Windows and combined with his innate curiosity, Ivan has delved deep into understanding this operating system, with a specialization in drivers and... read more
Affiliate Disclosure
A message from our partner

To fix Windows PC system issues, you will need a dedicated tool

  • Download Fortect and install it on your PC
  • Start the tool's scanning process to look for corrupt files that are the source of your problem
  • Right-click on Start Repair so the tool could start the fixing algorythm
Download from Fortect has been downloaded by 0 readers this month, rated 4.4 on TrustPilot

The latest data analysis shows that over 60 million passwords and emails from Tumblr users were leaked since 2013. Ever since Tumblr was acquired by Yahoo, the company revealed that hackers obtained access to just a portion of user login credentials, but as it turned out, this number was much more massive.

Troy Hunt, founder of the ‘Have I Been Pwned?’, recently obtained a copy of the stolen data set. In precise numbers, hackers gained access to 65,469,298 passwords and emails from Tumblr users. However, these passwords were not in plain text but were hashed, or turned into a different string of digits.

Tumblr didn’t reveal which algorithm exactly was used to access passwords and emails, but a hacker known as Peace claims he used SHA1 to hash the passwords. It is known that leaked passwords are already available on the dark marketplace where people sell them for bitcoin.

Hunt also warned that at least half of passwords on Tumblr can be cracked using the same method hackers previously used. Have I Been Pwned? now lists Tumblr as the fourth largest breach, after MySpace, Adobe and LinkedIn.

have i been pwned websites

Due to a huge number of breaches recently revealed, Microsoft decided to change its password policy and force people to use passwords that are harder to guess. So, if you’re creating Microsoft account, make sure to create as strong a password as possible to avoid a Tumblr type of fate.

If you fear that hackers leaked your email address, you can go to Have I Been Pwned? and check if your email address was exposed to hackers. A similar service called “Hacked?” recently released is official Windows 10 app, so you can do the same from your Windows 10 or Windows 10 Mobile device.


This article covers:Topics: