Hackers sell 425 million users’ data on dark web Myspace &Tumblr hacked:


The enormous data set, a reported 427,484,128 passwords, is apparently for sale on the dark website The Real Deal for 6 Bitcoin (roughly $A4,350) Photo: Dimitri Otis

360 million Myspace accounts and 65 million Tumblr accounts, including email addresses, usernames and passwords have turned up for sale on the darkweb, including the private information of Australian users dating back to both sites’ inception.

In what may be one of the biggest breaches of all time, Time Inc, the parent company of Myspace, confirmed it was hacked in June 2013, and that the data has only now appeared for sale.

“Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum,” the site announced in a blog post.


360 million Myspace accounts have been leaked.

Despite Myspace having only a fraction of the traffic it once enjoyed ten years ago, dormant Myspace accounts created before 2013 have also been compromised, said Time

While Tumblr flagged the breach in 2013, it did not reveal the extent.

Fairfax Media has verified the Myspace hack using an (embarrassing) hotmail address from 2005. That address and the passwords linked to that Myspace account have appeared in the stolen data set.

The danger arises when users link the same password to various accounts, whether they be social media, banking or email accounts. To check if your email address is linked to a breach, visit this website.

The enormous data set, a reported 427,484,128 passwords, is apparently for sale on the dark website The Real Deal for 6 Bitcoin (roughly $A4,350).

News outlet Motherboard has tested a sample of the data, revealing active passwords, suggesting the leak is authentic.

The incident comes the same month that social media platform LinkedIn confirmed 164 million IDs have appeared for sale online as well. The breach occurred in 2012, though only now has the data set emerged for sale. There is some speculation the same hacker is behind both breaches.

While no financial information has been compromised, if users routinely use the same email address and password combination, they are at a high risk of having further personal information compromised.

“It all comes back to whether they’ve been following good password practices or not,” Security researcher Troy Hunt told the BBC.

“If they’ve reused passwords across multiple services – and remember, these breaches date back several years so they need to recall their practices back then – then they may well have other accounts at risk too,” he said.

Myspace has said it is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts.

“We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act,” said the site.


Henry Sapiecha

Leave a Reply

Your email address will not be published. Required fields are marked *