Gravatar Data breach

For everyone who has a Gravatar, this is something interesting to read. They managed to get a list of email addresses, matching names and photos from the Gravatar service.

Even more interesting is how they did it so we don’t make the same mistake.

Disclaimer: This article is from 2020, the method has been patched, and the profile information associated with Gravatar accounts is already public, anyway. This just demonstrated a previously unknown scraping method.


It is patched, but this is from today:

Of the MD5 hashes, just under 114 million were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data.

I posted the original article because it’s more interesting to know how it’s done than to know that it happened.

So yes, they have a list of email addresses and pictures; that is not fun, but there were other hacks that were a lot worse. And since they fixed it, I also won’t stop using Gravatar.

