Over 65 million Tumblr account details are up for sale on the dark web, according to hack-monitoring website Have I Been Pwned?, marking the latest attempt to sell data from hacks that took place several years ago.
The details relate to a hack on the site in 2013 that Tumblr admitted in early May had only just been discovered. The firm has not said how many people were affected.
“We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo,” Tumblr said earlier this month.
“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts.”
“Affected users” were required to reset their passwords as a result.
Have I Been Pwned? has now updated its database to include the impact of this hack, putting the figure at 65 million.
“In early 2013, Tumblr suffered a data breach which resulted in the exposure of over 65 million accounts,” the site said.
“The data was later put up for sale on a dark market website, and included email addresses and passwords stored as salted SHA1 hashes.”
Security researcher Troy Hunt, who runs Have I Been Pwned?, explained that the Tumblr data was the latest in a series of mega-breaches that he has added to his index of hacks, underlining the trend among hackers to go after huge datasets.
“I've finished loading Tumblr into Have I Been Pwned? with a grand total of over 65 million records dating back to 2013. That rounds out the total number of records loaded in just the last six days to 269 million, not that much less than I had in the entire system just a week ago," he wrote on his blog this week.
Hunt added that there appears to be a connection with these releases, as many of the breaches occurred years ago but are only now seeing the data being made public.
He added that it could be the start of a trend that could see more 'mega-breaches' come to light, or indeed take place, in the weeks and months ahead.
"If this is a trend, where does it end? What more is in store that we haven't already seen? And for that matter, even if these events don't all correlate to the same source and we're merely looking at coincidental timing of releases, how many more are there in the 'mega' category that are simply sitting there in the clutches of various unknown parties?" he said.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere