In what maybe on of the biggest credential losses in history MySpace.com was apparently hacked and usernames and passwords stolen. According to reports 360 million credentials containing 427 million encrypted passwords have been compromised. However the breach has not been confirmed. According to the website LeakedSource the age of the credentials is unknown and the credibility of the data is also in question. LeakedSource is a search engine for hacked data. MySpace has not acknowledge or released any statement on this incident yet.
Motherboard.vice.com reported that the same hacker who is selling data stolen from LinkedIn.com is also claiming the MySpace.com data breach. However the hacker has not provided any sample of the data.
On May 12 technicians at Tumblr.com discovered as data breach that reportedly dates back to 2013 before the company was purchased by Yahoo! According the the website Neowin the stolen data included 65,469,298 emails and passwords. Tumblr has so far refused to acknowledge this number. The hacker responsible for the breach, known as ‘Peace,’ also claims responsibility foe the MySpace data breach. According to Motherboard the data is encrypted making it difficult if not impossible to access so ‘Peace’ is only asking $150 for the data.
It is unknown Tumblr has notified its users of the breach. However Tumblr users can check their email address against the database of email addresses at Have I been Pwned?‘.
Tumblr users should be aware that just because user names and passwords are encrypted does not mean they are safe. Hackers still have your email address and that could lead to spam, phony Tumblr email, phishing attacks, malware and even ransomware landing in your inbox. BE CAREFUL!
The AACR reported last week that LinkedIn, the popular professional networking website with 400 million members, was also hacked. At the time the company stated it was investigating the hack, LinkedIn.com has has now offered an explanation and steps it has taken to protect users.
LinkedIn.com emailed its members admitting to a previous 2012 hack saying, “On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn.com accounts that we believed might be at risk.”
The email went on to say that “These were accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.”
LinkedIn stated that it has several dedicated teams working to ensure that it’s member’s information remains secure.