Alleged Gravatar “Breach” Exposes 100+ Million Users’ Data


114 million Gravatar users received an email from the security alert company, HaveIBeenPwned, stating that their accounts have been exposed in what could be called a data breach. Gravatar, an online avatar service, denies ever being hacked, as Search Engine Journal reports. 

What Led to the Data Breach?

While officially, this leak cannot be classified as a data breach, it still compromises users’ privacy to an extent. The way Gravatar user information is stored made accessing data information on millions of users much easier for any person with malicious intent. This user information could be further used to hack the accounts and gain access to passwords. That part is not that difficult because most people use weak passwords, as hacking statistics show. The users’ information was publicly available. For someone to enter an account, however, they first needed to know the email and password of the user. But, since the email addresses were stored in an MD5 hash (not a very secure format) a hacker could easily get past the Gravatar security system.

Difference Between Data Scraping and Data Breach

A data breach or data leak happens when an unauthorized person gains access to information that in other ways is not publicly available, whereas data scraping happens when software is used to download public information from a website. In the email sent to its users by HaveIBeenPwned, the word breach is used, but the founder, Troy Hunt, explains in a tweet that it was a matter of templated wording, they were referring to data scraping as stated in the tweet. However, he states that it could be classified as a ‘breach’ if the information is misused. Gravatar, on the other hand, insists that this was not a breach. 

What Do the Users Expect From Gravatar?

Most users agree that they want more control of how their Gravatar information is used. Why is it important to know that? Well, because, as identity theft statistics show, 1 in 15 people are victims of identity theft. To prevent potential identity theft, users could decide to invest in tools used as protection against potential identity theft. At the very least, every user wants to know how their data would be used and how they can be accessed. It’s not that big a prize to pay for users’ trust.


Reading and writing have always been my way to get a hold of the world, especially when it comes to news. When I'm not writing, reading books, traveling, and going on long walks with my dog are the things I do to recharge my batteries.

Latest from Dimitra

Koinly Adds Terra Wallet to Its Crypto Tax Software The 3 Major Credit Bureaus to Remove Some Medical Debts From Consumers’ Credit Reports Moderate Ambient Light During Sleep a Factor for Heart Disease and Diabetes Melatonin Usage Rising in Spite of Potential Health Risk Warnings


  1. -Very valuable topics, I hope more.

  2. wow ! what a content , loved it , thanks for sharing it .

  3. Very helpful and interesting.

Leave a Reply