[the_ad id="12394"]
HomeUpdateFirefox confirmed WordPress gravatar data breach in mails.

Firefox confirmed WordPress gravatar data breach in mails.

-

Gravatar, which is powered by the same company as WordPress has been reported to have one of the biggest data breaches in history.

As per BuiltWith, 6,358,273 websites use gravatar to offer avatar(Profile Image) services to their users.

Stats about the hacking

167 million names, usernames, and MD5 hashes of email addresses used to reference users’ avatars were subsequently scraped and distributed within the hacking community and dark web.

114 million of the MD5 hashes were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data.

Back around 2020, security researched Carlo Di Dato demonstrated the flaw but Automatic, The company that powers gravatar and WordPress was ignorant.

Apart from WordPress, the website list also includes popular sites likes GitHub, Slack, StackOverflow, Disqus, P2, WordPress.com, wordpress.org, and many other popular websites that use gravatar for their service.

Firefox Confirmation

Firefox confirmed WordPress gravatar data breach in mails. 1

The hacked data was rotated so much that it has now reached Firefox and https://haveibeenpwned.com/. The users are being informed about the breach.

How this data can be used?

Your fake profiles in Secret groups: This data breach will also expose the identity of users hiding their identity on different sites with different names but the same email address.

Finding which Sites You use: The breached data can also be used to find one’s account on different sites.

Targetted advertising: As the footsteps will be clear, One can use these emails to do targetted advertising by sending bulk emails or even remarketing through Facebook and google remarketing.

TheDigitalHacker
thedigitalhacker.com is an independent organization publishing news and information about data breach, hacking, bad actors in the industry, Our goal is to keep you updated with the latest happenings in the tech industry. You can report a breach anonymously with our report form

Must Read

Google is manufacturing an AR Headset

0
The hunt monster has as of late started increasing work on an AR headset, inside codenamed Project Iris, which it desires to deliver in...