Gravatar data leak, details of 113 million users stolen

Gravatar online service, which is linked to Wordpress, was hacked by miscreants. Cybersecurity researchers reported the details of a large-scale data leak.

HaveIBeenPwned password breach recording website informed that in October 2020, a cybersecurity researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars warned. As a result of the data leakage:

167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars were subsequently scraped and distributed within the hacking community.

According to HaveIBeenPwned, data of 113,990,759 Gravatar users was accessed by attackers.

Troy Hunt, the operator of the HaveIBeenPwned, discovered that his Gravatar data also was impacted.

Hunt added that despite the massive data leak, he will continue use the service:

Personally, this won't stop me using Gravatar. I'm sympathetic to tech platforms providing services that by design, make data public and easily accessible but then need to defend against scraping. It's a hard problem.

Previously investigators discovered another large-scale data leak exposing European businessmen. A Chinese ERP software provider was affected.