Gravatar Data “Scraped” From Site

Those of you who use the Gravatar service, which provides globally unique avatars to a myriad of sites across the “Interwebs”, should be aware that data, including your email address, real name and username have been “scraped” from the site using a technique published by a security researcher. Of the 167 million accounts scraped, 114 million have had their hashed (sort of like encrypted) email address cracked and distributed within the hacking community. While no passwords for the site were captured, you must realize that this information is “out there” and could be used to attempt to manipulate you into compromising related accounts.

Of the 114 million cracked accounts there were 759 berry.edu or vikings.berry.edu accounts included. There’s nothing to do besides be aware that this information is available to attackers along with other accompanying data. You can, and should, login to the Gravatar site and verify your account information is still correct. It is unlikely that anything was changed as this was not technically a data breach, but a “scrape”. A data scrape is where data is collected in bulk from a website or service that wasn’t designed to be collected in bulk or data was collected in a way the web site owners did not anticipate. The data is then subsequently “cracked” if needed, aggregated, and distributed by hackers. Again, no passwords were included in this incident.

To find out if your Gravatar information was included in the cracked accounts, you can go to Have I Been Pwned and enter your email address in the search form. While you are there, you can also sign up for breach notifications involving your Berry or other email addresses by clicking on “Notify Me” at the top of any page on the site.