Over 65,469,298 emails and hashed passwords has been leaked by hackers which belongs to the Tumblr users, according to Independent security researcher Troy Hunt. The researcher tracked the data dump to The Real Deal Dark Web marketplace, where a hacker by the name of Peace (also known as Peace_of_mind) is selling it for 0.4255 Bitcoin ($225).
The passwords that are contained in the data leak are not in plain text but it is a form in which the passwords are put into random digits and numbers. When Tumblr disclosed details of the breach they said that they had also added a various number of bytes at the end of each password before they hashed the passwords and the algorithm used in hashing the passwords was not revealed by the company.
“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts”, read Tumblr’s blog.
But the hacker selling these data also said that Tumblr had used the SHA1 method to hash their passwords and t they also salted the passwords, which makes it hard for him to go through the passwords and crack them easily.
The latest Tumblr user statistics reveal the platform has around 550 million users, which means just over an eighth of the site’s total database is impacted. This same hacker, Peace was the one who hacked into MySpace and LinkedIn and leaked data over the internet last week.