The company revealed they had been hacked in 2013, but did not reveal how many users were affected by the breach. Following an investigation, the data breach awareness site Have I been Pwned (HIBP) have stated that they believe 65,469,298 emails and passwords have been stolen.
In a statement, Tumblr said “We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter.”
“Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.”
The extent of the breach only came to light after tech website Motherboard discovered the passwords for sale on the internet and dark web (an area of the internet that deals in morally questionable activities such as hacking and requires software, configuration and authorisation to access).
A hacker known as Peace (who also claims to have 100m LinkedIn logins and 360m MySpace email addresses and passwords) was found to be attempting to sell the logins for the low price of £103, which reflects how difficult it is to hack Tumblr’s encryption.
Cyber security is becoming a common issue for companies no matter the size, but when giants like LinkedIn and Tumblr are falling victim to such massive hacks, it just goes to show that no one is safe. Ensuring that everyone within the business is dedicated to protecting the company’s cybersecurity is the only way to defend against a data breach like Tumblr’s.