1/6 [#OSINT] Gravatar is used by more than 200m users, the email address used to create your account is also hashed to create your unique profile url; which poses a massive privacy implication if you was to be able to reverse the MD5 hash but also creates an opportunity.
2/6 If you have a large enough collection of email addresses you could start by hashing every single one and storing them in a table. The more you have the greater the chance you have of being able to take a url of any Gravatar Profile and decoding the registered email address.
3/6 If you take a look at the url below you will see an example of the founders profile url being used. After hashing over 3+ billion email address i am able to lookup that hash in my table to receive the founders email address for that profile.
en.gravatar.com/site/implement…
en.gravatar.com/site/implement…
4/6 Support for Gravatar Profile are integrated into many websites and apps. It has an extremely popular plugin with Wordpress and by leveraging the above we can identify people who subscribe/comment on Wordpress sites/posts
5/6 You are able to lookup a profile by the md5 hash or username, but sometime ago you could also do it by the incremental user id. Starting with /1 and increasing the number by 1 you was able to scrape all the users that had signed up, before they stopped it.
6/6 Profiles on Gravatar contain bios, social media account as well as other useful information. By scraping all this data and building a dataset which you can then enrich/roll-up the decoded email address on to the profile we can then attribute emails to social media profiles.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
