ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Gravatar Data Breach

gravatar.com
Massive exposure
Verified breach
Accounts exposed 113,990,759
Breach date 03 Oct 2020
Added to tracker 05 Dec 2021
Data classes 3

What happened

In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . 167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars were subsequently scraped and distributed within the hacking community. 114 million of the MD5 hashes were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data. Following the impacted email addresses being searchable in HIBP, Gravatar release an FAQ detailing the incident.

Exposed data

Email addresses Names Usernames

Recommended actions

  • Watch for targeted phishing emails referencing Gravatar โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP