UPDATED 16:42 EST / MAY 13 2016

NEWS

Tumblr account information leaked, but Yahoo denies hack

The social network Tumblr has begun a wave of password resets, following a data breach in which a third party obtained the login information for several accounts. However, Yahoo (which owns Tumblr) states that there was not any new hack or leak, and the stolen account information may have been taken from an attack from before its acquisition.

What and When

According to reports, the data obtained dates back to 2013, from before Yahoo acquired Tumblr. Nothing more recent than that was compromised, so users who recently set up accounts do not have to worry. While the only information stolen was login info, such as email and passwords, those can still be put to use by cyber criminals.

However, Yahoo did not specify if the data was obtained through a previous data breach or a misplaced backup, nor did it specify how many users were impacted. Considering there are over 550 million accounts on Tumblr, only a small portion may be at risk, but a small portion of 550 million is still a lot.

Yahoo issued a statement, explaining:

We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.

What now?

The good news is that Tumblr security states there have not yet been any attempts by outside parties to log in to any of the compromised accounts. With any luck, the password reset was quick enough to protect all accounts from unauthorized access, although that alone does not solve the entire problem.

Impacted users should not only reset their password, but any identical passwords on other accounts. It’s very common for people to use the same email address and password on various social media sites, so when one is compromised, the others are at risk as well, which in turn can unlock email, online banking accounts, and more. While the data may be old, it’s just as valuable and important to protect as any other.

Photo by clasesdeperiodismo


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU