Yahoo is forcing a password reset on Tumblr accounts after a cache of email addresses and salted and hashed passwords from 2013 were discovered in the wild. A Tumblr spokesperson would not disclose who accessed the data, where it was found, nor how many email addresses were impacted and how many of those are still active accounts. Yahoo has been vocal about the progression of its security program, starting with a ramp-up of its encryption efforts in 2013 and the hiring of high-profile CISOs Alex Stamos and current chief Bob Lord.
Source: https://threatpost.com/tumblr-accounts-must-reset-passwords/118084/