Slashdot Mirror


Hackers Stole 65 Million Passwords From Tumblr (vice.com)

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: On May 12, Tumblr revealed that it had found out about a 2013 data breach affecting "a set of users' email addresses and passwords," but the company refused to reveal how many users were affected. As it turns out, that number is 65 million, according to an independent analysis of the data. Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. Update: 05/30 16:36 GMT by M : An earlier version of the original report claimed that data of 68 million accounts were compromised. It's 65 million. The original story, and hence, this summary has been updated to reflect the same.

44 comments

  1. Here comes the PORN by Anonymous Coward · · Score: 0

    Thanks Tumblr

  2. 68 million or 65 million? by dwillden · · Score: 2, Insightful

    Editors please proofread. 68 million users affected yet 65 million unique emails and passwords, so where are the additional 3 million users affected?

    --
    I'm too lazy to compose a creative sig.
    1. Re:68 million or 65 million? by dwillden · · Score: 1, Insightful

      Even worse, the summary is basically a copy and paste of the first couple paragraphs of the second link, yet the submitter manages to change 65 to 68.

      Okay I'm done whining about this.

      --
      I'm too lazy to compose a creative sig.
    2. Re: 68 million or 65 million? by jovius · · Score: 1, Flamebait

      I guess the difference comes from whether one browses Tumblr using one hand or two hands.

    3. Re:68 million or 65 million? by PopeRatzo · · Score: 0

      Editors please proofread. 68 million users affected yet 65 million unique emails and passwords, so where are the additional 3 million users affected?

      Those three million are the ones whose password is "passw0rd".

      After all, this is Tumblr we're talking about.

      --
      You are welcome on my lawn.
  3. Tumblr by Anonymous Coward · · Score: 1

    "Tumblr is a microblogging platform and social networking website founded by David Karp in 2007, and owned by Yahoo! since 2013. The service allows users to post multimedia and other content to a short-form blog." - Wikipedia

  4. Uh oh... by wardrich86 · · Score: 4, Funny

    There's gonna be a whole lot of angry feminists and SJW's...

    1. Re:Uh oh... by Opportunist · · Score: 1

      How are we going to tell the difference?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Uh oh... by Anonymous Coward · · Score: 0

      I'm sure they'll figure out a way to blame it on white men. Harassment FTW.

    3. Re:Uh oh... by Anonymous Coward · · Score: 0

      Don't forget the pr0n blogs

  5. It could be worse.... by Anonymous Coward · · Score: 0, Interesting

    Instead of passwords, it could be encryption keys held in escrow due to some politicians requiring backdoors into encrypted system....

    I'm wondering how long before Microsoft loses all those Windows disk encryption keys it's been backing up to its servers, or Google loses its Android encryption keys it also has been 'backing up' to its servers. Or Emperor Trump decides his government will help itself to.

    1. Re: It could be worse.... by Anonymous Coward · · Score: 0

      Citation please.

  6. We Need MOAR! by JustBoo · · Score: 0

    Day after day, after day, of news about huge, large, small, you name it, security leaks of all kinds on the internet. (The OPM leaks should still be front page news.) But the last time I checked, the main agenda of the CIOs of the World, is to put absolutely everything, no matter what, on the internet and push the 'social-enabled enterprise.'

    Yeah, Geniuses are in charge. Security? Bwha! "We don' needs no steeking security badges!" I can't wait till everyone's medical records, including images, are all totally on the internet. Despite what one may read, most enterprises are failing at that for now. Thank Gawd.

    "I fear the day that technology will surpass our human interaction. The world will have a generation of idiots." - Albert Einstein

  7. sixpack of bud light by Anonymous Coward · · Score: 1

    should go to the guy who writes a bot to login to each account, delete its contents, and then close the account.

    1. Re:sixpack of bud light by Hognoxious · · Score: 1

      I don't think he should be punished like that.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  8. Re:Passwords are for Cows by Anonymous Coward · · Score: 0, Funny

    sexconker, you are so funny! your jesting is so smart and insightful, every time I read your cow posts I feel like I learned something new while being entertained! thank you for being such a wonderful human being!~~~~~~~~~~~~~~~~~~~

  9. Your passwords are too simple! by Anonymous Coward · · Score: 0

    Damn the ID10T users! If only they stopped using passwords that are so easy to steal! I tell you, users are nothing but trouble. I keep refining the password policy, but when I make them choose passwords which contain a number, they add "1" to the end of their previous password. I'm trying to keep you safe, you morons. If you choose stupid passwords like that, of course they'll get stolen! FML.

    1. Re:Your passwords are too simple! by war4peace · · Score: 0

      1D10T is the jest name of the 100mm D10-T gun from World of Tanks.
      https://en.wikipedia.org/wiki/...

      Totally unrelated, but I felt I had to contribute to the "6 degrees of separation" network.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:Your passwords are too simple! by Opportunist · · Score: 0

      ID10T is the endearing name I grant everyone who plays this (or any other) P2W game.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Your passwords are too simple! by Anonymous Coward · · Score: 0

      Um, what does a security breach resulting in stolen credentials have to do with the credentials themselves?

    4. Re:Your passwords are too simple! by Anonymous Coward · · Score: 0

      (replying to myself to further the point)
      If I make a /. account with a weak password, does that increase the risk that /. will be hacked and everyone's account info stolen?

      Okay, maybe if an administrator used a weak password, it could lead to other passwords being stolen.

    5. Re: Your passwords are too simple! by s122604 · · Score: 1

      How do you even know what their passwords are? Social engineering? Or are you storing them in something other than salted hashes?

    6. Re: Your passwords are too simple! by Anonymous Coward · · Score: 0

      Excuse me? How else would I be able to send them their password by email when they forget it? Which they do ALL THE TIME, and the bastards have the nerve to blame my password policy! Can you believe it.

    7. Re:Your passwords are too simple! by war4peace · · Score: 0

      You have no fucking clue what P2W means - but hey, the world is full of the likes of you.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    8. Re:Your passwords are too simple! by Anonymous Coward · · Score: 0

      Make love, not war, you two.

  10. At least they were salted and hashed by Anonymous Coward · · Score: 0

    At least they were salted and hashed.

    1. Re: At least they were salted and hashed by Hawks · · Score: 1

      2 T oil
      8 oz corned beef
      65M passwords
      1 white onion chopped
      1 bell pepper chopped
      2 potatoes shredded
      Salt and pepper to taste

      Sauté vegetables in oil until soft, add passwords and continue until clear text
      Add corned beef and potatoes and fry until golden brown

      Serve with 2 pwned eggs

      --
      in anima Apparatus
  11. It wuz H4XX0RZ!!1! by Anonymous Coward · · Score: 0

    No, it wasn't. It's just another company trying to deflect blame by invoking bogeymen and vague words of empty vagueness.

    Thanks for wasting my time like that, manishs.

  12. Oh noes by JustAnotherOldGuy · · Score: 0

    1) ....and nothing of value was lost.

    2) It's like 65 million SJW's cried out from being triggered in their safe space and were suddenly silenced.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re: Oh noes by Anonymous Coward · · Score: 0

      Assholiooo

    2. Re: Oh noes by Anonymous Coward · · Score: 0

      Me want PW for me bunghole.

      Bungholioooooooooooo.

  13. That Fair, I Guess by wisnoskij · · Score: 1

    Tumblr is pro-shoplifting. So I guess they should be fine with having their stuff stolen as well.

    https://www.tumblr.com/tagged/...

    --
    Troll is not a replacement for I disagree.
    1. Re: That Fair, I Guess by Anonymous Coward · · Score: 0

      Tumblr is a fucking breeding ground for SJW and do-gooders. It's for sissies who follow orders and fall in line with authority. They question nothing. If someone says something is bad, they parrot that and agree that it's bad.

      TLDR: they don't think for themselves. It's a collection of group thinks whom all think they are changing the world one post at a time.

      TLDR: fuck tumblr and their SJW/spoiled bitches.

  14. Re:Passwords are for Cows by Anonymous Coward · · Score: 0

    Shut up Cowdor, you stupid cow.

  15. Why store passwords? by Anonymous Coward · · Score: 0

    There is a known method where the website server stores hash values of passwords instead of the actual passwords.
    Whenever a user attempts to log in, the password provided by the user gets converted to its hash and compared to the stored hash value.
    So if the stored hash values are stolen they cannot be used to get the actual passwords because the hash function is one-way.

    1. Re: Why store passwords? by Anonymous Coward · · Score: 0

      It's called cracking the hashes. Ever take comp security 101? If you think hashes are 100% safe then get out of this field.

      There have been PW hash crackers since forever.

    2. Re:Why store passwords? by green1 · · Score: 0

      Great in theory, but once you have the hash table, it's just a matter of time until you find the passwords that generate the hash. It's brute force, but there simply aren't enough combinations possible to stop it.
      Now hashing is still a whole lot better than storing the passwords themselves, but it's not perfect. If there's a way to use the hash table to verify passwords (which is essential for it to work at all) then there's also a way to brute force it once you have it on your own system with lots of time to spare. Although a strong password could take a very long time to crack, even in such a scenario, most people use fairly weak passwords which are the ones that any cracking algorithm will be guaranteed to try first.
      In past tests on similar dumps of data 90% of passwords have been cracked in under an hour.

  16. The only sad thing here. by Anonymous Coward · · Score: 0

    Potential porn artists Tumblrs being compromised.
    After all, that is the only worthwhile thing on Tumblr. That.

    I remember when Tumblr first started out, seemed promising.
    The whole templating system they created for styling profiles was pretty neat.
    Then they allowed infinite scrolling and my care for it vanished in a day.
    Not even the SJWanks are as bad as infinite scrolling.
    FUCK infinite scrolling. SO MUCH.

  17. 2013 ... was that by CaptainDork · · Score: 1

    a long time ago and stuff?

    --
    It little behooves the best of us to comment on the rest of us.
  18. old news by Anonymous Coward · · Score: 0

    everyone already owned all these people