That "set" of account compromised in the Tumblr hack has been really 65 million. Perhaps I Been Pwned added another 40 million from the ‘dating’ hookup site Fling.com. The MySpace hack had over 360 million email addresses inside.
Your message has been sent.
There was a mistake emailing this page.
After Registering for Have I Been Pwned? When Troy Hunt began the site in 2013, I had received no alarms about any account being compromised at a data breach. But then whammo! I get two alarms for two separate breaches in a relatively short time. The one today was about Tumblr, an account I hardly remember even registering for.
Over 65 million Tumblr balances compromised.
Tumblr maintained "a third party had got access to a set of Tumblr user email addresses using salted and hashed passwords from ancient 2013. " The reality, as stated by the HIBP notification, is that 65,469,298 individuals were pwned in the Tumblr data breach from February 2013; the compromised data contained email addresses and addresses.
To put it differently, dumped data from the other old hack came out of nowhere and jumped to number three at HIBP’s top 10 breaches.
Peace told Motherboard that Tumblr had used SHA1 to hash the passwords and used salt, which makes them difficult to crack. The data is "basically just a list of mails " and "he was only able to sell it for $150. "
Over 40 million Fling.com balances compromised.
Before adding the Tumblr accounts to HIBP, safety researcher Troy Hunt reported that he had just added 40,767,652 compromised records from Fling.com, which is not safe for work or around kids if you click it. The Fling.com breach dated back to 2011.
"Peace" can also be selling the compromised account data from Fling.com, LinkedIn, Tumblr and MySpace.
Information from mega breaches no longer ‘dormant’
The LinkedIn hack 2012 supposedly exposed 6.2 million password hashes, but that ended up missing the mark by a huge amount as a https://mynaughtyaffair.com/fling-com hacker was selling 167 million LinkedIn consumer records. 117 million had passwords, which were saved in SHA1 free of salting.
Afterward there’s over 65 million accounts endangered by Tumblr and over 40 million from Fling.com. "This data has been lying dormant (or out of public sight) for long intervals," Hunt wrote.
Although the total records inserted to HIBP in the previous six days is 269 million, Hunt stated all of the latest hacks will "light in comparison" when he gets hold of and provides the compromised MySpace records.
The MySpace hack comprised over 360 million email addresses inside.
LeakedSource reported the "data set comprises 360,213,024 records. Each record may include an email address, a username, one password and in some cases a password. Of the 360 million, 111,341,258 accounts needed a username attached to it and 68,493,651 needed a secondary password. "
The data, which had been provided by "Tessa88," included 427,484,128 total passwords which were saved in SHA1 free of salting. Sadly, "very few passwords were more than 10 characters in length (in the thousands) and nearly none comprised an upper case character. " MySpace had chosen to not respond when contacted, therefore LeakedSource has included a list of top passwords as well as the top email domains.
LeakedSource, that has accumulated over 1.6 billion recordings, has search capabilities. If you locate your personal info in the leaked databases, you can contact LeakedSource and request for it to be "removed free of charge. "
This "trend" of data being marketed from old hacks has Hunt "really interested. " He composed, "Even if these occasions don’t all correlate to the identical origin and also we ‘re merely considering that timing of releases, how many more are there at the ‘mega’ category which are sitting there in the clutches of various unknown parties? "
Darlene Storm (not her real name) is a freelance writer with a background in information technology and information security.