Chances are, you have forgotten all about that Myspace account and your friend Tom that you had back in the early 2000s. However, that account may come back to haunt you as Myspace has fallen victim to possibly the largest data breach to date. According to the hack-tracking site LeakedSource, over 360 million user records were stolen by a hacker that goes by the name of “Peace.”
“Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013, on the old Myspace platform are at risk,” Myspace announced in a blog about the hack. For those of you who have created an account since June 2013, your account is currently unaffected. Myspace says it has increased its security significantly, specifically by using “double salted hashes,” which makes it much harder to crack passwords even if they have been breached.
Apparently, “Peace” was a very busy hacker in 2013. The anonymous cybercriminal is responsible for the data breaches of LinkedIn, Myspace and now Tumblr. LinkedIn and Myspace could go down as the largest data breaches in history with records surpassing 100 million and 360 million respectively.
What is Tumblr? Tumblr lets you effortlessly share anything. Post texts, photos, quotes, links, music and videos from your browser, phone, desktop, email or wherever you happen to be. It is a cross between a social networking site and a blog. Often described as a ‘microblog’, Tumblr currently hosts over 217 million separate blogs with 420 million users and was purchased in 2013 by Yahoo for $1.1 billion.
On May 12th, Tumblr revealed that it had just discovered a 2013 breach of user email addresses and passwords. Troy Hunt, a security researcher at Have I Been Pwned, recently obtained a copy of the stolen data set which includes over 65 million unique email addresses and passwords.
The breaches of LinkedIn, Myspace and Tumblr are being tabbed as ‘mega breaches’ and coincidently have been released in the last couple of weeks. Could this be a trend and how many more ‘mega breaches’ could we see in the near future?
“If this is indeed a trend, where does it end? What more is in store that we haven’t already seen?” Hunt wrote. “…how many more are there in the ‘mega breach’ category that are simply sitting there in the clutches of various unknown parties?”
How Serious Is This?
While it’s extremely unlikely that anyone is going to want to hack into your zombie Myspace page or Tumblr account, cybercriminals who get access to your email addresses, usernames or passwords are going to attempt to use them to gain access to other accounts; such as your bank accounts. It’s as important as ever to have different and very sophisticated passwords for each online account you use. While this may be a huge pain, it’s worth doing and might save you a lot of hassle in the long run.