Tumblr hack: Report says 65 million emails, passwords stolen

Over 65 million user credentials have been leaked following the 2013 data breach against Tumblr. Handout/Tumblr

Sixty-five million Tumblr users are believed to have been affected by a data breach that took place in 2013, according to security researcher Troy hunt, which could leave their email addresses and passwords vulnerable to hackers.

On May 12, Tumblr revealed hackers had gained access to its servers and stole email addresses and passwords, but did not disclose just how many users were potentially affected. However, according to Hunt – creator of Have I been Pwneda website dedicated to detailing the Internet’s worst data breaches – who obtained the stolen data, the breach included 65,469,298 unique emails and passwords.

“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” read Tumblr’s blog.

Global News contacted Tumblr to confirm Hunt’s analysis of the leaked data; however, a request for comment was not immediately returned.

Story continues below advertisement

WATCH: The 25 worst passwords of 2015

Click to play video: '25 worst passwords of 2016'
25 worst passwords of 2016

According to Hunt, the passwords leaked in the Tumblr data breach were “hashed” – a coding process that turns the password into a different series of digits, making it more secure. However, its believed the information has been put up for sale on the dark web, which could leave users at risk.

May has been a bad month for old data breaches. Last week Hunt also revealed more than 164 million LinkedIn email addresses and passwords had been exposed from a breach dating back to 2012.

“Following many of these incidents, breached data is publicly distributed and easily come by, in fact it was in the wake of the broadly redistributed Adobe breach of 2013 that I originally created HIBP,” Hunt wrote on his blog. “Since then we’ve seen many other times where breached data has rapidly spread across the web including Ashley Madison (probably the most downloaded breach of all time).”

Story continues below advertisement

If you were a member of either of these websites at the time of the breach, you should have received an email from the company prompting you to change your password.

However, its important to note that you should change your passwords for other websites or services if you used the same password for multiple accounts.

Tips for creating secure passwords

Stay away from easy-to-guess passwords like “123456″ or “password” and easy-to-guess identifiers, like your dog’s name.

Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.

READ MORE: How to protect yourself from security breaches on social media sites

Passwords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – despite being hard to remember.

One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”

And remember, try not to use the same password for any two accounts.


Sponsored content