Tuesday 31 May 2016

Tumblr: Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals - Enormous Extent of the 2013 Data Breach

Tumblr did not explain the exact algorithm it used to hash the passwords, but did advise that people should still be wary and change their passwords.


Since Tumblr’s announcement about the data breach in 2013, the data in question appears to have been circulating around the internet underground.

A hacker known as 'Peace' claims to have the data and was selling it on the internet marketplace The Real Deal.
Peace said Tumblr used an algorithm called SHA1 to hash and salt the passwords.
If this is correct, it would make the passwords very hard for hackers to crack.


This means that despite the huge amount of data, it is essentially just a list of email addresses and not of much use to Peace - who only sold it for £103 ($150).

However, Mr Hunt said that, given that the data breach was three years ago and given the bad practices in use across websites at the time, it is fair to assume half of the passwords could be cracked.

This data breach is listed on HIBP as the third largest ever. This comes just behind a hack of 164 million LinkedIn accounts and the breach of 152 million Adobe accounts.

