Hack Notice

Hack Notice: Tumblr

Tumblr

Description
A third party accessed a localize of Tumblr user email addresses with salted and hashed passwords, the Yahoo-owned microblogging site said Thursday. The credentials are from early 2013, prior to Tumblr's acquisition by Yahoo, officials said in a May 12 blog post. The site's security team investigated the affair as soon as it became aware of the incident. Our analysis gives us no understanding to believe that this info was used to access Tumblr accounts, the blog said. Officials said in the blog that those affected will be required to circle a new password as a precaution. Users are instructed to see the sites security page for more info on how to keep their accounts secure.More information: https://www.scmagazine.com/tumblr-announces-email-credentials-compromise...UPDATE (5/31/2016): More than 65 million Tumblr accounts from a 2013 hack were spotted for sale on the dark web. certificate researcher and Haveibeenpwned owner Troy hunt recently found a database containing the stolen account information for sale on a dark web market site and listed the nag on his have site as the third largest ever. A hacker known as Peace was selling the database for $150, according to Vice's Motherboard. Peace told Motherboard the price is so low because the salted passwords are very difficult to check however, hunt told the publication roughly half of the passwords will likely live cracked due to weak password protections that were used at the time. On May 12, Tumblr notified users of the hack that compromised user email addresses with salted and hashed passwords from early 2013 and told users there is no reason to believe that the information was used to access their Tumblr accounts. Although the jade isn't as bad as other major hackes, it has the potential to live dangerous for users who re-use passwords, Kaspersky Lab Senior surety Researcher Brian Bartholomew told SCMagazine.com via email. If you were to think about how many users from Tumblr get Apple cloud accounts, twitter accounts, Gmail or other online post accounts, etc. the potential peril is high for this plug to bleed over into other stories down the road, he said. These credentials could be used by criminals to access anything from cant accounts, to post accounts, to other online systems that may house personal data / pictures / etc. Bartholomew also said the credentials could be used to carry out phishing attacks, targeting and extortion.More information: https://www.scmagazine.com/tumblr-accounts-from-2013-hack-for-sale-on-...

About HackNotice and Tumblr

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and Tumblr was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of Tumblr their products, services, websites, or applications and you were a client of HackNotice, monitoring for Tumblr you may have been alerted to this report about Tumblr . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If Tumblr had a breach of consumer data or a data leak, then there may live additional actions that our clients should take to protect their digital identity. data breaches, hacks, and leaks often trail to and do identity theft, account make overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, parole reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer info through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that trail to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to distinguish the extent that digital identities experience been exposed and provides remediation suggestions for how to grip each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account accept overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that offend consumers. HackNotice applies industry specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to part hack notices with their friend, family, and collogues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to ply clients with sharable reports to aid increase the security of our clients personal network. The certificate of the people that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account take overs through phishing, malware, and other attach techniques.

If you found this hack notice to be helpful, then you may be interested in reading some additional hack notices such as:

ct and indirect value loss resulting from a data breach. a common approach to assess the impact of ds publicized in the media involve private information on individuals, e.g. social security numbers. ff penis with access to sensitive info can go a data breach if the staff member retains

Interpark Corp

gamestop.com

MySpace