The black market continues to surge with social media user credentials, with 360 million Myspace and 65 million Tumblr email addresses and passwords posted for sale earlier this week.
Both batches of information originate from 2013 hacks of the respective sites and have stark similarities to last month's sale of 117 million LinkedIn accounts.
And while the hack of social-media-dinosaur Myspace may seem insignificant, there is one primary threat current, former and inactive members face.
Reused passwords.
The hacker responsible is seeking $2,800 for Myspace data and $150 for the Tumblr batch. Tumblr's bargain price tag is largely due to their advanced password encryption.
Unlike Myspace, Tumblr's passwords are salted and hashed, which makes them harder to crack.
But hackers aren't interested in cracking the code just to access your Myspace and Tumblr accounts. Instead, their goal is to test these cracked passwords on more lucrative websites - like email providers, financial services or other social media sites - in hopes you reused the same credentials across multiple sites.
If you are one of the nearly 3 out of 4 consumers that reuse passwords, this should be your primary concern.
What should you do?
Account compromise, phishing emails and reused passwords make these hacks incredibly pertinent - despite the age and inactivity of many Myspace and Tumblr accounts.
It's unclear if users who deleted their accounts prior to 2013 are included in this batch of sensitive data.
All current and former Myspace and Tumblr users should take the following precautions to secure their online accounts.
- Change your password
Passwords should be at least eight characters long and include a complex mix of letters, numbers and symbols. Change your password frequently and never use the same password across multiple accounts. If you fear or know that your Myspace or Tumblr password was reused on other sites, change those as well. - Watch for phishing emails
Targeted phishing attacks are expected to follow due to the exposure of email addresses. Never provide account information via email and be hesitant to click on links within them, especially if the email appears to be from Myspace or Tumblr. - Delete inactive accounts
Old accounts still hold a plethora of information that any cybercriminal would love to get their hands on. If you no longer use a particular online account, delete your account to ensure your information will not be exposed if the associated website were to ever suffer data breach.
Tumblr users can find additional information on safeguarding their information by visiting our Tumblr Privacy Settings Tutorial.