![]() This includes third parties you provide with information about yourself as part of enabling or using a Tumblr feature, for example, information you provide to Stripe when interacting with the Post+ or Tipping Feature within Tumblr, or information you provide to The Meet Group as part of Tumblr Live. This Privacy Policy does not apply to the practices of third parties that we do not own, control, or manage, including but not limited to any third party websites, services, applications, or businesses (“ Third Party Services”). This Privacy Policy also covers our treatment of any information about you that our partners share with us or that we share with our partners. This Privacy Policy covers our treatment of information gathered when you are using or accessing the Services. When you use the Services, you also consent to the collection, transfer, manipulation, storage, disclosure and other uses of your information as described in this Privacy Policy please read it carefully. We may share non-personal information with our family companies for purposes such as product improvements, research and analysis, and to help them provide you with more relevant experiences. The way we handle your information hasn’t changed, so this Privacy Policy still governs when you are on Tumblr, using a Tumblr app or interacting with our products, services or technologies. Tumblr is a subsidiary of Automattic, a technology company that empowers people to build beautiful websites, tell their stories, and find and grow their audience. This policy regarding our privacy practices (the " Privacy Policy") describes how we treat the information we collect or receive when you visit and use (the " Site") and/or Tumblr’s other domains, products, advertising products, services, and/or content, including our iOS and Android mobile applications (collectively with the Site, the " Services"). (" Tumblr," " we," " us," or " our") takes the private nature of your information very seriously. To the extent any translated version of this Privacy Policy conflicts with the English version, the English version controls. In the meantime, you can check via the Have I been pwned? service whether these latest data offered for sale contains your email address and password.The original version of this Privacy Policy is written in English. Time will tell if there will be other similar revelations. But certainly there’s a trend here which is hard to ignore.” Now this is not to say that peace is the guy who’s hacking into these sites and indeed attribution can be hard, particularly after so much time has passed by since the sites were actually attacked. “These 3 are all listed by peace_of_mind and by all accounts, this individual is peddling a quality product. One explanation may be related to the presence of these breaches being listed for sale on the dark market,” he mused. “There’s been some catalyst that has brought these breaches to light and to see them all fit this mould and appear in such a short period of time, I can’t help but wonder if they’re perhaps related. Hunt notes that all of these breaches (including the MySpace one announced recently) date back a few years. Peace is selling the lot for less than half a bitcoin (around $150), so it seems that the passwords are relatively safe from cracking but, as many have pointed out, a list of emails of 65 million Tumblr users can come in handy for mounting phishing attacks – something that the Tumblr team failed to warn about. As a precaution, however, we will be requiring affected Tumblr users to set a new password,” they said. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As soon as we became aware of this, our security team thoroughly investigated the matter. “We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. Tumblr warned about it earlier this month, but neglected to tell how many users are affected. The account credentials stolen from Tumblr are also old – according to researcher Troy Hunt, they were stolen in the site’s February 2013 breach. Email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by “peace_of_mind,” aka “Peace”, the individual that recently offered for sale LinkedIn users’ data dating back to a 2012 breach.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |