Data from almost 114 million Gravatar users leak on the internet


Personal information from nearly 114 million Gravatar users was leaked onto the internet this weekend. The compromised volume includes names, logins and email addresses of people around the world who have registered with the system, which is used primarily to display avatars on websites running on the WordPress content management system.

The leak came to light this Sunday night (5th), after the Have I Been Pwned website notified users about the presence of their information in another compromised volume. The service, whose purpose is precisely to alert people when their personal information appears in cases of this type, points to the connection between what happened now and a disclosure made by security experts in October.

At the time, researcher Carlo Di Dato had published a proof of concept showing how it would be possible to collect, en masse, the information of millions of Gravatar users. Some of the information cited, such as usernames and logins, is public, but collecting and categorizing it at scale poses a security hazard, particularly if it is cross-referenced with other compromised databases that can reveal reused passwords, as well as other personal or financial data.


At the time, MD5 hashes of 167 million users were obtained as part of the exploit, containing not only such data but also email addresses, which should not have been available. Now, the 113.9 million compromised records are precisely part of that initial volume, encrypted and being distributed alongside the retrieved database, which is still scrambled.
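As an added illustration (not from the article or from the researcher's proof of concept), the following shows why a dump of hashes alone is not anonymous: Gravatar derives a profile's identifier from the MD5 of the trimmed, lowercased email address, so anyone holding a separate address list (their own directory, or another breach) can re-identify entries by recomputing the hash. All email addresses and hashes below are constructed samples.

```python
import hashlib


def gravatar_hash(email: str) -> str:
    """Gravatar-style identifier: MD5 of the email after trimming whitespace and lowercasing."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


# Constructed sample: a "leaked" set containing only hashes, no email addresses.
LEAKED_HASHES = {
    gravatar_hash("alice@example.com"),
    gravatar_hash("bob@example.org"),
}

# Constructed sample: addresses a defender already holds, e.g. an organisation's
# own directory or addresses from a previously disclosed breach.
KNOWN_EMAILS = ["Alice@Example.com ", "carol@example.net", "bob@example.org"]


def match_emails_to_hashes(emails, hashes):
    """Map each known email whose hash appears in the leaked set to that hash.

    MD5 is deterministic and cheap, so a hash-only dump is re-identified the
    moment it is joined with any other list of addresses; this is the same
    reason "hashed" public identifiers offer no privacy protection.
    """
    matches = {}
    for email in emails:
        normalized = email.strip().lower()
        digest = gravatar_hash(normalized)
        if digest in hashes:
            matches[normalized] = digest
    return matches


def exposure_report(emails, hashes):
    """Return (matched_count, unmatched_count) for a quick self-check of exposure."""
    matched = match_emails_to_hashes(emails, hashes)
    return len(matched), len(emails) - len(matched)


if __name__ == "__main__":
    for email, digest in match_emails_to_hashes(KNOWN_EMAILS, LEAKED_HASHES).items():
        print(f"{email} -> present in leak as {digest}")
    print("matched/unmatched:", exposure_report(KNOWN_EMAILS, LEAKED_HASHES))
```

The normalization step matters: "Alice@Example.com " and "alice@example.com" produce the same identifier, so a defender checking their own addresses must apply the same trimming and lowercasing or the check silently misses matches.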

According to Troy Hunt, the security specialist responsible for Have I Been Pwned, the case is relevant mainly because it represents a breach of trust. Commenting on the Gravatar situation on Twitter, he said he is in favor of systems that make data universally available, but that such platforms need to have protections against data scraping. In addition, in his view, it is important to inform users about compromises of this kind, even if the information involved is public.

Usual care

Users affected by the leak should be alert to phishing scams and other fraudulent communications that arrive via email, whether purportedly from Gravatar or from other services. Avoid clicking on links or downloading applications and software that arrive through such means; instead, contact the company directly if you believe the message is legitimate.

In addition, it is worth registering your email address with services such as Have I Been Pwned, which will not only list all the data leaks in which your information has appeared, but will also notify you of new ones. Antivirus software and Google itself also offer such functionality.

Kenyannews contacted Automattic, the company responsible for Gravatar, but had not received a response by the time this article was published.
