Skip to main content

New details of huge Tumblr data breach reveal possible connection to LinkedIn hackers

A pair of hands on a laptop keyboard with two displays.
The massive scale of a data breach that affected social blogging platform Tumblr has been revealed for the first time.

The Yahoo-owned service admitted it had been hacked in 2013 but refused to divulge how many accounts had been affected. According to security expert Troy Hunt, hackers got away with approximately 65 million Tumblr passwords in total, making it the third-biggest data breach of all time.

Even more fascinating, however, is the potential connection between the Tumblr hack and a recently revealed LinkedIn breach. The latter is the current record holder in terms of the amount of data stolen, but Hunt has also drawn parallels to the way that data is being sold online.

In both cases, the passwords extracted by the hacker, or hackers, are all available to the highest bidder on the dark web. Additionally, the listings that Hunt spotted online were all created by the same seller, an account known as “peace_of_mind.” That doesn’t necessarily mean that individual is the person responsible for the breaches, but it is yet another similarity.

There is also a third breach, concerning a once-popular but now defunct social network, which is rumored to be the biggest of them all. It is thought that MySpace was hacked on an unspecified date, possibly during its mid-2000s heyday, and that 360 million records were stolen. The fact that all of these breaches are now coming to light is another indication that the perpetrators may be the same, according to Hunt.

“There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than three years old,” states Hunt. “This data has been lying dormant (or at least out of public sight) for long periods of time.”

Security experts are also advising social media companies to go beyond passwords in order to protect their members.

“The breaches at MySpace and LinkedIn are just two more examples highlighting why passwords aren’t sufficient for protecting sensitive data,” Vishal Gupta, CEO of security startup Seclore, told Digital Trends. “Data-centric security solutions are a natural candidate for supplementing the increasingly weakened password. By applying protections at the data level, even if hackers manage to get their hands on sensitive information, the data remains completely unusable.”

It is important to note that Tumblr claims the stolen set of user email addresses all contained salted and SHA1 hashed passwords, which are much harder to crack.

Editors' Recommendations

Saqib Shah
Former Digital Trends Contributor
Saqib Shah is a Twitter addict and film fan with an obsessive interest in pop culture trends. In his spare time he can be…
British Airways hit with a massive fine for 2018 data breach
british airways cabin crew given ipads

A data breach in 2018 that saw hackers steal personal data belonging to hundreds of thousands of British Airways customers has cost the company nearly 184 million British pounds (about $230 million), making it the biggest fine ever imposed for an incident of this kind.

The U.K.’s Information Commissioner’s Office (ICO) said it handed down the fine for breaches of data protection law that it said resulted from “poor security arrangements” at the company.

Read more
LinkedIn: Now you can express love, curiosity, and more with new Reactions
The LinkedIn logo is seen on an android mobile phone.

LinkedIn likes to go at its own pace. In 2018, the social network for professionals finally got around to launching its own version of Snapchat’s Stories (not that it had to, of course) while in February it managed to knock together a live video tool, albeit in beta and by invitation only.

This week, three years after Facebook did something similar, LinkedIn has seen fit to add more reactions alongside its "like" button, giving you more ways to express how you feel about posts that turn up in your feed.

Read more
Hackers target major airline in data breach affecting nearly 10M customers
cathay pacific hack hits nearly 10 million of its customers a boeing 777 300 aircraft seen at the gate in

Cathay Pacific has revealed details of a massive hack that has seen the personal data of nearly 10 million of its customers stolen.

The major international airline, which operates out of Hong Kong and flies to seven U.S. cities, said on Wednesday, October 24 that it had discovered unauthorized access "to some of its information systems containing passenger data of up to 9.4 million people."

Read more