Tumblr is making users change their passwords and for some it’s causing a major issue. Find out why the company is forcing you to reset your account and what to do if you can’t.
Wondering why Tumblr is suddenly making you change your password? Don’t worry. You aren’t alone. Thursday afternoon, a number of Tumblr users reported being logged out of their Tumblr accounts and receiving a message that said, “it’s time to change your password.”
According to Yahoo, which owns Tumblr, company engineers became aware that an unspecified number of Tumblr users’ emails and account passwords had been obtained by an unnamed third party. The accounts breached were old ones, said Yahoo representative. Tumblr accounts created prior to 2013, when Yahoo acquired the company, were reportedly the ones breached.
RELATED: 'Have I Been Pwned’ Researcher Says Myspace Hack Is Bad, But Larger Breaches May Be Coming
That fact that most of the accounts hacked were older ones is posing a particular problem for affected users. Tumblr’s Twitter page has been bombarded with complaints from users reporting that the email accounts they used to sign up for Tumblr are not active, the passwords lost, hacked or other problems that make access impossible.
Without access to the email address used to sign up for Tumblr, users cannot receive the reset email. And without access to the reset email, Tumblr’s help blog basically says your out of luck, bud.
“If you no longer have access to the email that you used to register your Tumblr account and the recovery resources above don’t help, we, unfortunately, don’t have a way to verify that you’re the owner, and we don’t give out login information to anyone besides the owner. It’s a bummer, but don’t stress too much. You can always create a new account and start having fun all over again,” Tumblr's support blog states.
Emailed responses to affected Tumblr users mirrored the support blog policy.
For many who use Tumblr as an artistic portfolio or for storing other important data, being forced to reset their passwords is proving a major trial and one that Tumblr has thus far provided no additional comment or support.
Was Tumblr Hacked? How Were Account Passwords Breached?
So, how were Tumblr accounts breached anyway? iDigitalTimes reached out to Yahoo via email, but the spokesperson informed us that the company had no way to track how the account information was breached since the data was from before Yahoo acquired Tumblr.
"This data is 3 years old, and we don’t have forensic information from that time," the spokesperson wrote, "However, our analysis gives us no reason to believe that this information was used to access Tumblr accounts."
Based off the information provided, it’s likely a third party accessed Tumblr login credentials from other data breaches. For example, last week news broke that a Russian hacker has sold a massive email hack database on the dark web for less than a dollar. The database included login credentials for 272.3 million email accounts -- some of which were Yahoo accounts. It’s possible that the Tumblr account breach is related.
UPDATE 06/01/16: The Tumblr account breaches were part of a string of recent breaches sold on the dark web by a hacker called Peace of Mind. The related hacks include breach of LinkedIn, Myspace and Fling.com
As more is learned about how Tumblr accounts were breached or if there is a way to reset Tumblr passwords without access to old email accounts, we’ll be sure to update this post.