The latest data analysis shows that over 60 million passwords and emails from Tumblr users were leaked since 2013. Ever since Tumblr was acquired by Yahoo, the company revealed that hackers obtained access to just a portion of user login credentials, but as it turned out, this number was much more massive.
Troy Hunt, founder of the ‘Have I Been Pwned?’, recently obtained a copy of the stolen data set. In precise numbers, hackers gained access to 65,469,298 passwords and emails from Tumblr users. However, these passwords were not in plain text but were hashed, or turned into a different string of digits.
Tumblr didn’t reveal which algorithm exactly was used to access passwords and emails, but a hacker known as Peace claims he used SHA1 to hash the passwords. It is known that leaked passwords are already available on the dark marketplace where people sell them for bitcoin.
Hunt also warned that at least half of passwords on Tumblr can be cracked using the same method hackers previously used. Have I Been Pwned? now lists Tumblr as the fourth largest breach, after MySpace, Adobe and LinkedIn.
Due to a huge number of breaches recently revealed, Microsoft decided to change its password policy and force people to use passwords that are harder to guess. So, if you’re creating Microsoft account, make sure to create as strong a password as possible to avoid a Tumblr type of fate.
If you fear that hackers leaked your email address, you can go to Have I Been Pwned? and check if your email address was exposed to hackers. A similar service called “Hacked?” recently released is official Windows 10 app, so you can do the same from your Windows 10 or Windows 10 Mobile device.
RELATED STORIES YOU NEED TO CHECK OUT: