Hackers Hope Your Old Myspace Account Is the Key to Your Finances

Myspace and Tumblr Hack

UPDATE: Mashable reports that a security researcher named Thomas White, also known as TheCthulhu on Twitter, consolidated 427 million stolen Myspace passwords into an available download on the Internet. According to the news source, the download was so popular that the server White used to hold the passwords crashed on July 1. 

What should you do?

  • Change your email and password. Using the same email/password combination for other sites could potentially allow fraudsters access into other personal accounts. 
  • Check if your information has been found on the Internet by visiting HaveIBeenPwned.com
  • Create secure passwords. Utilize our password tool to test the strength of your passwords.

What happened?  

The black market continues to surge with social media user credentials as 360 million Myspace and 65 million Tumblr email addresses and passwords are posted for sale.

Both batches of information originate from 2013 hacks of the respective sites and have stark similarities to last month’s sale of 117 million LinkedIn accounts.

While the hack of social-media-dinosaur Myspace may seem rather insignificant, there’s one primary threat current, former and inactive members face…

Reused passwords.

The hacker responsible, who assumes the alias Peace, is seeking $2,800 for Myspace data and $150 for the Tumblr batch. Tumblr’s bargain price tag is largely due to their advanced password encryption.

Unlike Myspace, Tumblr’s passwords are salted and hashed, which makes them harder to crack.

But hackers aren’t interested in cracking the code just to access your Myspace and Tumblr accounts. Instead, their goal is to test these cracked passwords on more lucrative websites – like email providers, financial services or other social media sites — in hopes you reused the same credentials across multiple sites.

If you are one of the nearly 3 out of 4 consumers that reuse passwords, this should be your primary concern.

What should you do?

Account compromise, phishing emails and reused passwords make these hacks incredibly pertinent — despite the age and inactivity of many Myspace and Tumblr accounts.

It is unclear if users who deleted their accounts prior to 2013 are included in this batch of sensitive data. All current and former Myspace and Tumblr users should take the following precautions to secure their online accounts.

  1. Change your password
    Passwords should be at least eight characters long and include a complex mix of letters, numbers and symbols. Change your password frequently and never use the same password across multiple accounts. If you fear or know that your Myspace or Tumblr password was reused on other sites, change those as well.
  2. Watch for phishing emails
    Targeted phishing attacks are expected to follow due to the exposure of email addresses. Never provide account information via email and be hesitant to click on links within them, especially if the email appears to be from Myspace or Tumblr.
  3. Delete inactive accounts
    Old accounts still hold a plethora of information that any cybercriminal would love to get their hands on. If you no longer use a particular online account, delete your account to ensure your information will not be exposed if the associated website were to ever suffer data breach.

Tumblr users can find additional information on safeguarding their information by visiting our Tumblr Privacy Settings Tutorial.

Fighting Identity Crimes will keep you updated as new information becomes available about the Myspace and Tumblr data breaches. Be sure to subscribe to our blog to stay up to date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is Corporate Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.