The saga of mega breaches continues…
In a very short period of time, a series of data breach incidents has been revealed. This time the names in the spotlight are those of the most popular social networks. LinkedIn, Fling, MySpace and now Tumblr made the headlines one after another for the huge number of compromised user account credentials. These “mega” breaches became public only recently, when the stolen data surfaced on the black markets.
A hacker named “Peace” recently became infamous for his offer to sell millions of user account details, which became available on The Real Deal black marketplace. On the same dark web site, which specializes in selling stolen data and computer exploits, user login credentials from Fling, LinkedIn, and MySpace are available.
Starting with the latest breach, 65 million Tumblr accounts are on sale for just 0.4255 Bitcoin. That is about $225, a dirt cheap price for the size of the database. This particular breach happened back in 2013, but Tumblr found out about the incident only in May of this year and recently notified its users. According to security analyses, the passwords were hashed and salted, but Tumblr did not reveal the algorithm that was used. This explains why the selling price was so low. Considering when the breach originally happened, and the bad practices that were in use on the web back then, it is possible that at least half of the passwords could be cracked.
Given that these four data breaches happened a long time ago but all came to light recently, it is hard not to notice some striking similarities between them. If we follow them chronologically, we see that all four incidents remained “hidden” for years before they were discovered. Fling was the first platform to be compromised, back in 2011. It was followed by the LinkedIn breach in 2012, and the last two data breaches, of MySpace and Tumblr, happened three years back, in 2013.
Millions of credentials became publicly available on the dark web
The volume of the leaked data is impressive. The largest breach is the theft of MySpace passwords, which are roughly calculated to number over 427 million. LinkedIn comes next with 167 million hacked accounts for sale. The hacking of Tumblr led to the leakage of 65 million user accounts’ credentials, and the one at Fling to 40 million.
All of these millions of credentials became publicly available on the dark web one after another. Could this be a coincidence, or is something else in the works? Could Facebook be next in line? With billions of users worldwide, it surely could be a target. These four cases show that it is high time we took the security and privacy of customer data and information extremely seriously, especially at a time when malicious actors operate with sophistication and technology, and data breaches have become a common problem all around the globe.
Check if you have been pwned
In case you want to check if any of your accounts has been compromised, here is a database of more than 600 million hacked accounts. We hope you will not find yours among them, but still, it is advisable to have a look.