Gravatar

In October 2020 a security researcher demonstrated a technique to scrape data from Gravatar which is a service providing globally recognized avatars. By exploiting the way Gravatar uses MD5 hashes of email addresses to serve user profile images attackers were able to compile a massive database. This incident resulted in the collection of 167 million records containing public profile information and email hashes. While Gravatar did not consider this a traditional hack many of the MD5 hashes were subsequently cracked by third parties revealing the underlying plain text email addresses of millions of users worldwide.