Gravatar “Breach” discloses 100M+ user data
A safety site emailed reports of a data breach influencing more than 100 million Gravatar users. Gravatar refuses to admit that someone hacked it. The defense alert corporation HaveIBeenPwned informed users that the data of 114 million users leaked online. The user data of every individual with a Gr
A safety site emailed reports of a data breach influencing more than 100 million Gravatar users. Gravatar refuses to admit that someone hacked it. The defense alert corporation HaveIBeenPwned informed users that the data of 114 million users leaked online. The user data of every individual with a Gravatar profile was free to download utilizing the software.
The software can scrape the information. Technically it’s not a violation. Gravatar stored the user data and made it manageable for an individual with negative purposes. They collect user data which they will use as part of invasion to gain access and passwords.
Gravatar profiles are public data. Nonetheless, the personal user accounts are not recorded in a manner that anyone can effortlessly browse. Ordinarily, an individual would need to know profile data like the username. By this, the person can find the profile and all the publicly accessible data.
The Gravatar data was publicly accessible, but an outsider must notice the username of the user. The outsider can gain permission to the avatar user account. Also, they store the user’s email address in an insecure encrypted way. An MD5 hash is risky. Anyone can effortlessly unencrypt this. Stocking email addresses in the MD5 layout gives only minor safety protection.
Troy Hunt clarified in a series of tweets the reason why the avatar scraping incident is crucial. Troy affirms that the information was the default picture of the user. A profile is possibly public, but no one can effortlessly harvest it.
Gravatar affirmed that after the enumeration invasion, they disclosed defenselessness. It took efforts to shut it to stave off further downloading of user data. So, on the one hand, avatar took efforts to prevent those with negative purposes from harvesting user data. But on the contrary, they asserted that the Gravatar hack is misleading information.
More in SEO
View allThe Complete Guide to SEO in 2026
A comprehensive, practical guide to search engine optimization in 2026 — how search works now, the three pillars, keyword and content strategy, technical SEO, links, and how AI is changing the game.
How to Improve Your Google Rankings: What Actually Works
A grounded guide to improving where you rank on Google — the levers that genuinely move rankings, minus the myths and shortcuts.
How AI Search Is Changing SEO (and What to Do About It)
AI answers and generative search are reshaping how people find information. Here’s what’s actually changing in SEO — and the durable strategy that still works.