Millions of MySpace & Tumblr users lose email & passwords massive data dump

MySpace and Tumblr have been on the receiving end of a major cyber-attack which has caused both social networks to lose the account details for hundreds of millions of users.

The scale of the raid became apparent when hackers began advertising the details for sale online but it is believed the attack actually took place several years ago and follows close on the heels of a similar breach at LinkedIn where 167m ID’s were traded online earlier last month, together with millions of log-ins for dating site Fling – breached in 2011.

This coincidental timing has sparked debate amongst security analysts as to whether these attacks are linked; perhaps by the same perpetrator or individuals who are in communication.

Of the latest victims MySpace is believed to be the more serious with 360.2m affected accounts which include email addresses and up to two linked passwords. Whilst these passwords were encrypted it is understood that this was weak and the majority have now been read.

Responding to the breach MySpace said in a statement: “We have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old MySpace platform.

"MySpace is also using automated tools to attempt to identify and block any suspicious activity that might occur on MySpace accounts. We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act."

Tumblr is believed to have employed a higher standard of encryption making its passwords far harder to crack.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.