Skip to main content

New details of huge Tumblr data breach reveal possible connection to LinkedIn hackers

A pair of hands on a laptop keyboard with two displays.
Image used with permission by copyright holder
The massive scale of a data breach that affected social blogging platform Tumblr has been revealed for the first time.

The Yahoo-owned service admitted it had been hacked in 2013 but refused to divulge how many accounts had been affected. According to security expert Troy Hunt, hackers got away with approximately 65 million Tumblr passwords in total, making it the third-biggest data breach of all time.

Even more fascinating, however, is the potential connection between the Tumblr hack and a recently revealed LinkedIn breach. The latter is the current record holder in terms of the amount of data stolen, but Hunt has also drawn parallels to the way that data is being sold online.

In both cases, the passwords extracted by the hacker, or hackers, are all available to the highest bidder on the dark web. Additionally, the listings that Hunt spotted online were all created by the same seller, an account known as “peace_of_mind.” That doesn’t necessarily mean that individual is the person responsible for the breaches, but it is yet another similarity.

There is also a third breach, concerning a once-popular but now defunct social network, which is rumored to be the biggest of them all. It is thought that MySpace was hacked on an unspecified date, possibly during its mid-2000s heyday, and that 360 million records were stolen. The fact that all of these breaches are now coming to light is another indication that the perpetrators may be the same, according to Hunt.

“There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than three years old,” states Hunt. “This data has been lying dormant (or at least out of public sight) for long periods of time.”

Security experts are also advising social media companies to go beyond passwords in order to protect their members.

“The breaches at MySpace and LinkedIn are just two more examples highlighting why passwords aren’t sufficient for protecting sensitive data,” Vishal Gupta, CEO of security startup Seclore, told Digital Trends. “Data-centric security solutions are a natural candidate for supplementing the increasingly weakened password. By applying protections at the data level, even if hackers manage to get their hands on sensitive information, the data remains completely unusable.”

It is important to note that Tumblr claims the stolen set of user email addresses all contained salted and SHA1 hashed passwords, which are much harder to crack.

Editors' Recommendations

Saqib Shah
Former Digital Trends Contributor
Saqib Shah is a Twitter addict and film fan with an obsessive interest in pop culture trends. In his spare time he can be…
British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more
LinkedIn: Now you can express love, curiosity, and more with new Reactions
The LinkedIn logo is seen on an android mobile phone.

LinkedIn likes to go at its own pace. In 2018, the social network for professionals finally got around to launching its own version of Snapchat’s Stories (not that it had to, of course) while in February it managed to knock together a live video tool, albeit in beta and by invitation only.

This week, three years after Facebook did something similar, LinkedIn has seen fit to add more reactions alongside its "like" button, giving you more ways to express how you feel about posts that turn up in your feed.

Read more
X CEO reveals video calls are coming to the app formerly known as Twitter
The new X sign replacing the Twitter logo on the company's headquarters in San Francisco.

X, formerly Twitter, is to get video calling as part of ongoing efforts to turn the platform into a so-called “everything app” offering a broad range of services.

X CEO Linda Yaccarino announced the news during an interview with CNBC on Thursday.

Read more