Not long ago, we learned that last year’s high profile LinkedIn hack was much bigger than initially thought. When the hack occurred, the company assured its user base that it was limited in scope to some 6.3 million user accounts (LinkedIn has some 400 million users all told, which made this a serious breach, but not one that impacted a majority of LinkedIn’s user base). Then it came to light that the actual scale of the LinkedIn breach was closer to 167 million user accounts, when a database containing the hacked material showed up for sale on the Dark Net.
Now, it’s happening again, only this time, Tumblr and MySpace are the victims. Both suffered data breaches in 2012 and 2013, and at the time, company officials estimated the impact to be just a few million records, all told. The same hacker selling the 167 million LinkedIn records has just posted another database containing account details (email addresses, passwords, etc.) for more than 269 million Tumblr and MySpace accounts.
No one is quite sure why the hacker, who goes by the ironic handle “Peace_of_Mind,” waited so long before putting the records up for sale, but security experts fear that this might just be the beginning. If these three high profile hacks were so much larger in scope and scale than anyone predicted, how many others might there be, and how many records might actually surface?
At the moment, no one knows the answers to those questions, but security experts are prowling the Dark Web in search of clues and indications. For now, if you use either Tumblr or MySpace (or LinkedIn, for that matter), the first, best thing you can do is to change your password immediately. If you’re in the habit of using the same password across multiple sites, you should change all of those passwords as well. If you don’t, a hacker armed with your “Master Password” could steal your identity, your money, and do a great deal of other potential harm. It’s simply not worth the risk.