Tumblr revealed that they have recently discovered a data breach in their security system which saw 65 million account information stolen and were being sold on the darknet.
The social blogging website has released to the public that its security feature has been breached and compromised 65 million accounts. The affected username and passwords at risk are the ones from before 2013, prior to the purchase of Tumblr by Yahoo, according to its blog post.
The database breach includes e-mail addresses and passwords, although the latter is less compromised. Tumblr stated that they have taken the procedure of "salting and hashed" the passwords, which made them relatively irrelevant as it is virtually impossible to restore to a usable state.
The social blogging network has discovered that the stolen information were being sold on the darknet website, The Real Deal. The data were sold at a price of $150, according to Motherboard.
Tumblr did not immediately revealed the true scale of the breach, but security researcher, Troy Hunt of "Have I Been Pwned," has obtained a copy of the set of the stolen data. "Have I Been Pwned" is a data breach awareness website, where you can check suspected e-mail addresses to notify you if it has been compromised.
The hacker who obtained the sensitive information is believed to be a Russian cyberhacker named "Peace," whom of which is also linked to a number of recent data hacks.
While the passwords retrieved from Tumblr is "salted and hashed," it still poses a threat to its owners where there is a large number of users who are using the same security information across multiple websites.
Hunt assesses that hackers would be able to crack, at the least, half of the stolen passwords. This may explain the relatively low $150 price tag on the darknet.
The data hack is one of the multiple security breaches as of late. The others include LinkedIn, Adobe, and Myspace.