The customer details are the latest from a historic data breach to be touted online, with Motherboard reporting the whole database costs just $150 (£102).
Earlier this month the social network admitted customer details had been compromised back in 2013, but didn’t say how many accounts were affected.
The database for sale includes email addresses and passwords. However, the passwords are hashed, a process that turns them into a string of digits rather than storing them as plain text.
In a statement earlier this month Tumblr also said the passwords were “salted”. This means the company has added some random data to the passwords, making them harder to translate into a readable format. While not impossible to crack, the technique makes it harder for criminals to access the password data.
“Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” the company, now owned by Yahoo! said in a statement. It will be asking all Tumblr users who were affected to set a new password.
Security researcher Troy Hunt has added the Tumblr database to the haveibeenpwned database, which allows users to enter their email addresses and find out if they were included in the breach. He said there had been a rise in the number of “historical mega breaches” occurring in the last month.
Last week Hunt added user information from 164,611,595 LinkedIn accounts to the website. LinkedIn was first targeted in 2012 but the data only started to be sold on the dark web this month.
“There’s been some catalyst that has brought these breaches to light and to see them all fit this mould and appear in such a short period of time, I can’t help but wonder if they’re perhaps related,” Hunt wrote in a blogpost.
The Tumblr and LinkedIn data was sold on the dark web trading site The Real Deal. Earlier this month a database of 360 million MySpace accounts was also put up for sale on the site.
LeakedSource, a website that allows users to pay to see if their information has been leaked or hacked, said the hacked MySpace database contained usernames, email addresses, passwords and secondary passwords.