A total of 360 million MySpace accounts and 65 million Tumblr accounts have been hacked and put up on the Dark Web for sale; other details have also been listed on the hidden marketplace including emails, usernames, and passwords.
Private information belonging to Australian users dating back to the inception of these sites has as well been advertised.
In what will probably go down in history as the largest ever data breach to occur, MySpace’s parent company, Time Inc., confirmed that indeed there was hacking done in June 2013, but the hacked data has only appeared recently on the Dark Web for purchase.
MySpace officials first became aware of these activities shortly before the Memorial Day weekend; this was when they discovered stolen user login information was being offered in an online forum for hackers.
On the other hand, while Tumblr reported a data leakage at roughly the same time in 2013.
They also didn’t give specifics as to its general extent, leaving most users guessing on whether their accounts had been affected or not.
This particular account and all passwords related to it have been posted on the Dark Web as stolen data set.
The problem arises when online users link one password to multiple accounts, whether through social media, online banking or email platforms.
This large data set consists of approximately 427,484,128 passwords and is on sale at the Dark Web site known as The Real Deal at only 6 BTC, which is equivalent to $A4,350.
Already sample tests have been done on some of the data, showing active passwords and suggesting that the leakage is real.
Recently, the social network site LinkedIn also confirmed that 164 million users’ IDs had been posted for sale online.
With the data breach occurring much earlier in 2012, though, it is only now that it has emerged for purchase on the Dark Web.
There is ample wide speculation that the same hacker involved in this LinkedIn breach is also responsible for the Tumblr and MySpace breaches.
Whereas no financial data has been compromised, if users continue applying the same email address and password combinations, they stand a higher risk of having more of their private details compromised.
Security researcher Troy Hunt says that it all comes down to whether one has been applying safe password protection procedures or not.
If a person is reusing the same password across multiple platforms, they stand a greater chance of having their accounts infiltrated.
Following this Dark Web data exposure, MySpace has mentioned that they are planning to use automated tools in an attempt to identify and block all suspicious activity that may occur on various user accounts.
They have also reported the incident to authorities and are actively cooperating with them to investigate as well as pursue this criminal activity.
One of the leads authorities have is that the hacker calls himself “Peace” on a certain online hacker forum.