Two social media platforms were hacked years ago, but the data is now available to the highest bidder…
Years have passed since the Tumblr and MySpace breaches, yet now appears to be the time to sell those 425 million records. Security researcher Troy Hunt told BBC News of his concern that the MySpace, Tumblr, and LinkedIn sales of personal data could be correlated somehow: the hackers sat on this data for years, yet in the past month these hacked credentials have been showing up on the dark market.
A MySpace representative reported the company is monitoring the site closely for any fraudulent activity on accounts and is working closely with the authorities to help pursue the criminals behind this hack.
“The use of weak passwords and unencrypted database passwords still presents a serious security problem to individuals and companies alike, and it’s one of the top causes of data breaches. The MySpace hack may be the biggest breach in a long time. While many people may feel MySpace isn’t as popular as Facebook/Twitter, etc., the bigger problem is password reuse. With username and password reuse, an individual may use the same email address or username and password on site A that they would use on sites B and C. When site A gets compromised, the hacker uses an underground tool to check other various sites to see if this account login and password combination exists elsewhere, not associated with MySpace.”
Tumblr reported their data breach in 2013, and reported that the stolen credentials included email addresses and “salted” passwords. The term “salted” means the administrator added various characters to the user passwords in an attempt to make recovering them more difficult in the event of a breach. Although the passwords may be useless to the hackers, the email addresses are not. These users are now a prime target for phishing attacks.
The biggest pieces of advice we can give to those who have potentially been impacted by these breaches are as follows:
- Be incredibly cautious with any email correspondence that appears to come from these two social media sites. The best option would be to visit their sites directly instead of using a link in an email, as it could be a phishing attempt.
- If you have used the same user ID or password for any other accounts that were linked to these two platforms, change them immediately.