Now, it’s happening again, only this time, Tumblr and MySpace are the victims. Both suffered data breaches in 2012 and 2013, and at the time, company officials estimated the impact to be just a few million records, all told. The same hacker selling the 167 million LinkedIn records has just posted another database containing account details (email addresses, passwords, etc.) for more than 269 million Tumblr and MySpace accounts.
No one is quite sure why the hacker, who goes by the ironic handle “Peace_of_Mind,” waited so long before putting the records up for sale, but security experts fear that this might just be the beginning. If these three high profile hacks were so much larger in scope and scale than anyone predicted, how many others might there be, and how many records might actually surface?
At the moment, no one knows the answers to those questions, but security experts are prowling the Dark Web in search of clues and indications. For now, if you use either Tumblr or MySpace (or LinkedIn, for that matter), the first, best thing you can do is to change your password immediately. If you’re in the habit of using the same password across multiple sites, you should change all of those passwords as well. If you don’t, a hacker armed with your “Master Password” could steal your identity, your money, and do a great deal of other potential harm. It’s simply not worth the risk. Read What You Should Know About Passwords.