Gravatar
What Happened
In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . 167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars were subsequently scraped and distributed within the hacking community. 114 million of the MD5 hashes were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data. Following the impacted email addresses being searchable in HIBP, Gravatar release an FAQ detailing the incident.
Compromised Data
Recommended Actions
Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.
Try Aura
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password
Take action after a breach — Guardio spots what’s still at risk and blocks phishing scams and new threats before they compromise your data or finances.
Try GuardioBreach Overview
-
Affected Accounts:
114 million
-
Breach Occurred:
October 2020
-
Added to HIBP:
5 Dec 2021
Recommended Actions
Change Your Password
If you haven't changed your Gravatar password since 2020, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password
Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.
Try Aura