Data available for sale on the Dark Web for $225

May 30, 2016 15:00 GMT

Independent security researcher Troy Hunt revealed today that he received a data dump that contains 65,469,298 emails and hashed passwords, which the anonymous donor said belonged to Tumblr users.

The researcher tracked the data dump to The Real Deal Dark Web marketplace, where a hacker by the name of Peace (also known as Peace_of_mind) is selling it for 0.4255 Bitcoin ($225).

Passwords are hashed and salted

The researcher says that the passwords included in the data dump appear to be both hashed and salted, meaning they're much better protected than the passwords stored on sites such as LinkedIn and MySpace, also recent victims of massive data breaches. In those two cases, the data was only hashed via SHA1, and the team from LeakedSource managed to crack most of the leaked passwords.

Tumblr hasn't put out an official statement on the incident yet, but the Yahoo-owned blogging platform came clean on May 12 about a potential data breach.

Back then, the Tumblr team revealed they received a tip about a possible data breach originating from 2013, before Yahoo acquired the Tumblr platform.

The Tumblr team didn't reveal the number of affected users but said they were starting a password reset process for the users they thought to be affected.

One in eight Tumblr users affected

The latest Tumblr user statistics reveal the platform has around 550 million users, which means just over an eighth of the site's total userbase is impacted.

Troy Hunt is the man behind the Have I Been Pwned online service, where users can search a humongous database of details from public breaches. Hunt said he added the Tumblr data to the database, and users can now search and see if their details were exposed.

Peace, the hacker who is selling the data, is the same person who put up for sale the MySpace and LinkedIn data dumps, as well as data from other online services such as Fling.com and the Linux Mint forum.

Dark Web ad for the Tumblr data dump