Gravatar data breach affects over 100 million users
Gravatar is one of the best-known avatar services in the world. An avatar that a user sets on their Gravatar account can be loaded by other websites without being configured again on each one. For example, WordPress supports loading Gravatar avatars.
In fact, the Gravatar data was collected through a vulnerability as early as October 2020. At that time, the database was traded on the dark web but did not attract much attention.
The main reason is that the database contains only users' registered email addresses, names, and usernames, because that is all Gravatar needs. Apart from the email address, it holds no private information at all.
Firefox Monitor, Mozilla's data breach monitoring platform, recorded the incident in simple terms: the leaked Gravatar data contained only emails, names, and usernames.
Because the data contains no passwords and no passwords were leaked, users do not need to change their passwords. Moreover, even if the password were leaked, Gravatar itself would not pose a potential threat.
However, users are advised not to reuse passwords across sites, so that a password leaked from one website does not create a more serious threat to their accounts on all other websites.
The only threat to users is that they may receive more spam email in the future, because the database will definitely be used by spam gangs once it is widely circulated.