MySpace and Tumblr Leak Data in Same Week

In the early and mid 2000s, MySpace reigned as the leader in social media. The company served hundreds of millions of users in connecting with friends and updating their own personal walls with countless themes and customizing elements. As of recent, MySpace has transitioned into a music focused network after a re-release spear headed by co-owner Justin Timberlake in 2013. While the new site has drawn in about 40 million new users, this recent data leak has targeted accounts created before this 2013 pivot.

The recent MySpace hack can be considered one of the worst breaches of all time solely due to the sheer number of profiles with contents released. It is estimated that upwards of 360 million former MySpace users had information tied to their accounts leaked. Of that set of users, 427 million account passwords were also leaked due to the ability to duplicate passwords for individual accounts. Information including usernames, emails, and passwords were all included in the initial breach. Time Inc., the holding company of MySpace as of February 2016, made a statement in regards to the security threat. Time Inc. CFO Jeff Bairstow was noted saying that the company’s “information security and privacy teams [are] doing everything [they] can to support the Myspace team.”

Additionally this week, the very popular social media site Tumblr also fell victim to a data breach. The blogging company was acquired by Yahoo in 2013, and eerily similar to the MySpace breech, all leaked information was taken before 2013 and before either company made a new announcement o acquisition. All of the passwords that were leaked, 65 million in total, were hashed with additional bytes added to the end of each string, or “salted” as Tumblr likes to call it. This can give a sense of relief to any users out there as their information is not in plain text and readily available to anyone.

The hacker, who identifies by the name “Peace”, apparently attempted to sell information taken in his hack to the Dark Web. Luckily, because of Tumblr’s intense hashing and salting of passwords, this hacker could only hand out a list of about 65 million email addresses as the passwords were just too difficult to crack. This is seen as another one of the largest data hacks in history.

PhishTrain urges all users to keep constant care of their passwords as they can be quite easy to steal. All social media enthusiasts must keep all passwords safe and reliable so they can be remembered easily, but still contain a fair mix of characters. Hopefully none of our readers were involved in these breaches!

-Team PhishTrain