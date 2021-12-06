The service Gravatar, which facilitates or manages user logins for a number of services, has fallen victim to a data leak. The information is from the service Have I Been Pwned, which monitors personal and access data leaks around the world and warned registered members of the incident.

According to the website, Gravatar had a loophole discovered in October 2020 that allowed the “scraping” of a huge amount of user data. Some time later, this vulnerability was actually exploited, resulting in an alert.

According to information released so far, around 114 million users have had some type of information collected. Although a lot of people don’t exactly know the platform by name, it is connected to Automattic services, such as the publishing platform WordPress.

And now?

As this is a method of automatically scraping more readily available data, the technique isn’t exactly a break-in, and bank details or passwords weren’t exposed — the style of collection is similar to the leak that happened on LinkedIn a few months ago.

However, there is identifying information, such as the association between people, emails and other associated data. They can be used to carry out future phishing or identity fraud scams. For the time being, Gravatar has not officially commented on the matter.