2 min read

Gravatar Data Leak Exposed 167 Million Profiles. What Does it Mean for You?

Radu CRAHMALIUC

December 07, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Gravatar Data Leak Exposed 167 Million Profiles. What Does it Mean for You?

In October 2020, a security researcher named Carlo Di Dato discovered a technique to exploit a vulnerability of the Gravatar online avatar service to collect data about its users. Although the available data was theoretically public, as Di Dato warned the community that “it’s unlikely users know their data can be accessed by querying Gravatar in a way which should not be possible."

Fast-forward to December 2021. HaveIBeenPwned revealed “167 million names, usernames and encrypted email addresses used to reference users’ avatars were scraped and distributed within the hacking community.” Just under 114 million, or 68% of the encrypted records, were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data.

Gravatar is a service for providing globally unique avatars. Users can register an account based on their email address and upload a digital avatar to be associated with the account. Because Gravatar integrates with WordPress, GitHub and other platforms, the avatar is automatically displayed every time a user comments.

How does this affect you?

If you own a WordPress or GitHub account, you probably also have a Gravatar account, and your data was scraped in the leak. But there’s no reason to panic. While the situation isn’t ideal, the leaked data only includes names, usernames and email addresses. There’s no reason to believe passwords or other vital information were compromised.

Having said that, cybercriminals can still use the scraped data against you. For example, just by knowing your e-mail address, hackers can have a go at cracking your password. If your password is weak, or if it was reused on multiple accounts, your account can be easily hijacked.

Armed with just your name and e-mail address, scammers can cyberstalk you and target you with spam or spear-phishing. Unlike regular phishing, spear-phishing consists of compelling targeted messages, focused on a specific person of interest. Once “speared,” the victim is tricked into downloading malware or disclosing their password and financial data. Then the criminals take over.

Last but not least, hackers can link the scraped data with other personal information previously obtained on the Dark Web, build a complex digital profile and use your identity to commit fraud.

What can you do to stay safe?

Like it or not, data leaks happen all the time and changing our name or e-mail address isn’t an option, but we can take other steps to secure our accounts:

  • always use a strong, unique password, preferably one that is random generated and securely stored in a password manager
  • never use the same password on multiple accounts and never reuse old passwords
  • if you have any reason to believe an account was compromised, change your password immediately
  • watch out for shady emails, especially e-mails that urge you to take immediate action, and don’t click on suspicious links
  • always double check the e-mail sender, even if the message seems to come from a reliable source
  • stay informed. Even though you can’t prevent data leaks, you can still mitigate the effects. Bitdefender Digital Identity Protection is a service that helps you monitor your digital footprint and informs you if any of your personal information have been leaked so you can take the right measures to secure your accounts and protect your identity.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Data Breach: 1.3 Million Broward Health Patients and Staff at Risk of Medical Identity Theft Data Breach: 1.3 Million Broward Health Patients and Staff at Risk of Medical Identity Theft
Alina BÎZGĂ

January 04, 2022

2 min read
Data Breach at Pro Wrestling Tees Affects 31,000 Customers Data Breach at Pro Wrestling Tees Affects 31,000 Customers
Alina BÎZGĂ

December 29, 2021

1 min read
Hackers steal credit cards from 1.8 million sports gear site customers Hackers steal credit cards from 1.8 million sports gear site customers
Radu CRAHMALIUC

December 21, 2021

1 min read