Millions of MySpace & Tumblr users lose email & passwords massive data dump

MySpace and Tumblr have been on the receiving end of a major cyber-attack which has caused both social networks to lose the account details for hundreds of millions of users.

The scale of the raid became apparent when hackers began advertising the details for sale online but it is believed the attack actually took place several years ago and follows close on the heels of a similar breach at LinkedIn where 167m ID’s were traded online earlier last month, together with millions of log-ins for dating site Fling – breached in 2011.

This coincidental timing has sparked debate amongst security analysts as to whether these attacks are linked; perhaps by the same perpetrator or individuals who are in communication.

Of the latest victims MySpace is believed to be the more serious with 360.2m affected accounts which include email addresses and up to two linked passwords. Whilst these passwords were encrypted it is understood that this was weak and the majority have now been read.

Responding to the breach MySpace said in a statement: “We have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old MySpace platform.

"MySpace is also using automated tools to attempt to identify and block any suspicious activity that might occur on MySpace accounts. We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act."

Tumblr is believed to have employed a higher standard of encryption making its passwords far harder to crack.

Join us, it's free.

Become a member to get access to:

  • Exclusive Content
  • Daily and specialised newsletters
  • Research and analysis

Join us, it’s free.

Want to read this article and others just like it? All you need to do is become a member of The Drum. Basic membership is quick, free and you will be able to receive daily news updates.