The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Tumblr

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

October 17, 2018Swati Khandelwal
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account. According to the company, a security researcher discovered a critical vulnerability in the desktop version of its website and responsibly reported it to the Tumblr security team via its bug bounty program. Though the company has not revealed the researcher's name or any technical details about the vulnerability, Tumblr has disclosed that the flaw resided in the "Recommended Blogs" feature of its website. Recommended Blogs has been designed to display a short, rotating list of blogs o
Hacker Selling 65 Million Passwords From Tumblr Data Breach

Hacker Selling 65 Million Passwords From Tumblr Data Breach

May 31, 2016Swati Khandelwal
Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo. At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned . "As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts," read Tumblr’s blog . A Hacker, who is going by "peace_of_mind," is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal . The compromised data includes 65,469,298 unique e-mail addresses and "salted & hashed passwords." The Same hacker is also selling the compromised login account data from Fling, Li
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.