Hundreds of millions of hacked account details from social
networks MySpace and Tumblr have been advertised for sale online.
Time Inc., owner of Myspace has confirmed that once a
popular social media has fallen victim to hackers and has blamed the breach on
a cyber attacker called 'Peace' from Russia.
It is the biggest hacks to date which has exposed around 360.2
million accounts with 427 million passwords of MySpace and 65 million passwords
of Tumblr.
LinkedIn’s big breach exposed over 100 million accounts.
The passwords were stored in a modified form that was meant
to protect them, but the technique used was relatively weak and it seems the
vast majority have been cracked.
A LeakedSource revealed that user passwords were stored in
SHA1 with no salting. This is bad, but so are the passwords that were in use.
Both MySpace and Tumblr’s login appears to have stolen
several years ago but only recently came to light.
If you were a registered user before 2013, your information
may have been compromised.
The Myspace database was provided by someone who goes by the
alias Tessa88@exploit.im.
The Tumblr IDs come from a breach flagged by the Yahoo-owned
blogging site on 12 May.
The firm goes on to blame the hack on 'Peace', who is also
allegedly responsible for the recent high-profile hacks on LinkedIn and Tumblr.
This data set contains 360,213,024 records. Each record may
contain an email address, a username, one password and in some cases a second
password. Of the 360 million, 111,341,258 accounts had a username attached to
it and 68,493,651 had a secondary password.
The website hasn’t been updated to included the MySpace
breach yet.
Even adult dating site Fling was also breached in 2011 had
exposed millions of id.
If you are still using one of these bad passwords, for
crying out loud, change it. You can check to see whether you are affected on
the LeakedSource database. µ