INTERNET

More Than 65 Million Tumblr Accounts Sold For $150

A new report reveals the full scale of a 2013 data breach

INTERNET
A participant of the annual Chaos Communication Congress in Berlin. — Getty Images
May 31, 2016 at 8:09 AM ET

A total of 65 million emails and passwords for Tumblr accounts were sold on dark net for just $150, according to a report by Motherboard revealing new information about a 2013 data breach.

Earlier this month, Tumblr revealed that a third party had stolen “a set of” email addresses and passwords in 2013, before Yahoo acquired the company. Tumblr said it investigated the breach and did not find evidence the data had been used to access user accounts. However, it declined to state the number of accounts affected.

On Tuesday, Troy Hunt, who runs a website that verifies whether one’s user information has been stolen in a data breach, told Motherboard the theft contained 65,469,298 unique emails and passwords. The data was available to purchase on the dark net marketplace The Real Deal, but only sold for $150 because two methods of encryption on the stolen passwords made them difficult to crack, a hacker known as Peace told Motherboard.

More Guccifer, Hacker Who Brought Us Bush’s Paintings, Pleads Guilty

As Tumblr explained in its May 12 announcement, the passwords were secured using two processes. They were salted, meaning the company added series of random data to the end of passwords, and hashed, meaning passwords were then transformed into entirely different sets of digits. Together, the methods severely limit their usefulness to hackers.

Tuesday’s revelations are the latest regarding a series of recent historic attacks. Earlier in May, Peace tried to sell 117 million emails and passwords from LinkedIn. The hacker claimed the breach was part of a 2012 LinkedIn hack, which was believed at the time to have affected only 6.5 million users. Last week, Peace also attempted to offload a data breach consisting of almost 430 million MySpace passwords. It is not known when that breach occurred, but Hunt said in a blog post he considers that one to be historic, too.

“There are some really interesting patterns emerging here … This data has been lying dormant (or at least out of public sight) for long periods of time,” Hunt said in a Monday post on his website.