Sixty-five million Tumblr users are believed to have been affected by a data breach that took place in 2013, according to security researcher Troy Hunt, which could leave their email addresses and passwords vulnerable to hackers.
On May 12, Tumblr revealed hackers had gained access to its servers and stolen email addresses and passwords, but did not disclose just how many users were potentially affected. However, according to Hunt – creator of Have I Been Pwned, a website dedicated to detailing the Internet’s worst data breaches – who obtained the stolen data, the breach included 65,469,298 unique emails and passwords.
“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” read Tumblr’s blog.
Global News contacted Tumblr to confirm Hunt’s analysis of the leaked data; however, a request for comment was not immediately returned.
According to Hunt, the passwords leaked in the Tumblr data breach were “hashed” – a one-way process that turns the password into a different string of characters, making it more secure. However, it’s believed the information has been put up for sale on the dark web, which could leave users at risk.
May has been a bad month for old data breaches. Last week Hunt also revealed more than 164 million LinkedIn email addresses and passwords had been exposed from a breach dating back to 2012.
“Following many of these incidents, breached data is publicly distributed and easily come by, in fact it was in the wake of the broadly redistributed Adobe breach of 2013 that I originally created HIBP,” Hunt wrote on his blog. “Since then we’ve seen many other times where breached data has rapidly spread across the web including Ashley Madison (probably the most downloaded breach of all time).”
If you were a member of either of these websites at the time of the breach, you should have received an email from the company prompting you to change your password.
However, it’s important to note that you should also change your passwords for other websites or services if you used the same password for multiple accounts.
Tips for creating secure passwords
Stay away from easy-to-guess passwords like “123456” or “password” and easy-to-guess identifiers, like your dog’s name.
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.
Passwords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – despite being hard to remember.
One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
And remember, try not to use the same password for any two accounts.