Tumblr
  • Total Records73,369,178
  • Unique Emails72,917,656
  • Unique Email Providers1,400,343

Tumblr Data Breach: January 2013 Overview

In early 2013, Tumblr—a widely used social blogging platform—experienced a data breach that eventually impacted more than 65 million user accounts. Though the incident began in January 2013, it wasn't until years later that the scope became fully apparent when the stolen data surfaced on darknet markets. Attackers gained access to a huge trove of personal information, including email addresses and securely hashed passwords, which Tumblr had encrypted with salted SHA1 hashes. The breach left millions of users' credentials circulating on underground forums, highlighting the far-reaching effects of compromised account data across popular platforms.

How Did the Tumblr Data Breach Happen?

The details around the initial attack in 2013 are not fully public, but the breach exposed data stored on Tumblr's systems at the time. The attackers managed to extract user email addresses as well as password hashes. Tumblr used salted SHA1 hashing, which was considered a solid practice for protecting passwords then, though it is less robust by today’s standards.

Scope of the Breach

A total of 73,369,179 records were compromised in this breach. The exposed information consisted primarily of email addresses and hashed passwords. No further sensitive information such as direct messages, birthdates, or payment data was reported as affected.

Timeline of Events

  • January 2013: Breach occurs, but the details remain undisclosed to the public at the time.
  • In subsequent years, the stolen data gradually emerged for sale on dark web markets, confirming the scale of the incident.
  • The breach gained renewed attention once the compromised data was made available outside of Tumblr’s control, impacting user security far beyond the initial breach date.

What Data Was Leaked?

The compromised data included:

  • Email addresses connected to Tumblr accounts
  • Passwords, which were salted and hashed with the SHA1 algorithm

Because SHA1 hashes with added salt were used, direct password recovery from the exposed data was made more difficult, though not impossible with enough effort from attackers.

Who Was Responsible for the Breach?

The Tumblr breach’s perpetrators haven’t been publicly identified. Like many large-scale data breaches from that era, information about the methods and individuals involved remains scarce.

Frequently Asked Questions

How many users were affected by the 2013 Tumblr breach?

The breach impacted more than 65 million Tumblr accounts, with reports showing just over 73 million credentials in total.

What information was compromised in the Tumblr data breach?

Email addresses and hashed passwords (protected with salted SHA1) were included in the breached data set.

When did the Tumblr data breach occur?

The incident happened in January 2013, but it came to widespread attention later when the stolen data was discovered on underground forums.

How can i check if i'm in the Tumblr data breach?

You can check if your information was part of the Tumblr breach by utilizing the DeHashed search engine.