Skip to main content

New details of huge Tumblr data breach reveal possible connection to LinkedIn hackers

The massive scale of a data breach that affected social blogging platform Tumblr has been revealed for the first time.

The Yahoo-owned service admitted it had been hacked in 2013 but refused to divulge how many accounts had been affected. According to security expert Troy Hunt, hackers got away with approximately 65 million Tumblr passwords in total, making it the third-biggest data breach of all time.

Recommended Videos

Even more fascinating, however, is the potential connection between the Tumblr hack and a recently revealed LinkedIn breach. The latter is the current record holder in terms of the amount of data stolen, but Hunt has also drawn parallels to the way that data is being sold online.

In both cases, the passwords extracted by the hacker, or hackers, are all available to the highest bidder on the dark web. Additionally, the listings that Hunt spotted online were all created by the same seller, an account known as “peace_of_mind.” That doesn’t necessarily mean that individual is the person responsible for the breaches, but it is yet another similarity.

There is also a third breach, concerning a once-popular but now defunct social network, which is rumored to be the biggest of them all. It is thought that MySpace was hacked on an unspecified date, possibly during its mid-2000s heyday, and that 360 million records were stolen. The fact that all of these breaches are now coming to light is another indication that the perpetrators may be the same, according to Hunt.

“There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than three years old,” states Hunt. “This data has been lying dormant (or at least out of public sight) for long periods of time.”

Security experts are also advising social media companies to go beyond passwords in order to protect their members.

“The breaches at MySpace and LinkedIn are just two more examples highlighting why passwords aren’t sufficient for protecting sensitive data,” Vishal Gupta, CEO of security startup Seclore, told Digital Trends. “Data-centric security solutions are a natural candidate for supplementing the increasingly weakened password. By applying protections at the data level, even if hackers manage to get their hands on sensitive information, the data remains completely unusable.”

It is important to note that Tumblr claims the stolen set of user email addresses all contained salted and SHA1 hashed passwords, which are much harder to crack.

Saqib Shah
Former Digital Trends Contributor
Saqib Shah is a Twitter addict and film fan with an obsessive interest in pop culture trends. In his spare time he can be…
How to deactivate your Instagram account (or delete it)
A person holding a phone with the Instagram app open on it.

Oh, social media. Sometimes it’s just too much, folks.

If you’re finding yourself in a position where shutting down your Instagram account for a period of time sounds good, the people at Meta have made it pretty simple to deactivate it. It’s also quite easy to completely delete your Instagram, although we wouldn’t recommend this latter option if you plan on returning to the platform at a later date.

Read more
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Incogni: Recover your privacy and remove personal information from the internet
Incogni remove your personal data from brokers and more

Everything you do while online is tracked digitally. Often connected to your email address or an issued IP, trackers can easily identify financial details, sensitive information like your social security number, demographics, contact details, like a phone number or address, and much more. In many ways, this information is tied to a digital profile and then collated, recorded, and shared via data brokers. There are many ways this information can be scooped up and just as many ways, this information can be shared and connected back to you and your family. The unfortunate reality is that, for most of us, we no longer have any true privacy.

The problem is exacerbated even more if you regularly use social media, share content or images online, or engage in discussions on places like Reddit or community boards. It's also scary to think about because even though we know this information is being collected, we don't necessarily know how much is available, who has it, or even what that digital profile looks like.

Read more