The hacker who launched the attack on LinkedIn in 2012 to sell user data on the dark web has allegedly stolen 65 million Tumblr emails and passwords. The data was obtained as a result of the 2013 attack, before its acquisition by Yahoo, Tumblr said, without giving out a specific number.
Users are not warned of potential malware attacks, but are advised to use stronger passwords.
“Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password,” the press release says.
Known on the dark web as “peace_of_mind” or “Peace,” the hacker is selling the data he got from Tumblr for around half a bitcoin. It’s unknown why information collected years ago would be sold now, but as a precaution, users can go to Have I been pwned and check if their email or password has been included on any of the top 10 breaches’ leaked lists.
After the attempt to sell the 164 million unique email addresses from the LinkedIn breach and data from 65 million Tumblr users, a bid was launched for the 427 million passwords and 360 million emails stolen in the unreported MySpace breach from a few years ago. Peace is selling it on the dark web for 6 bitcoins.
LeakedSource, a hacked data search engine, has been going back and forth regarding the origin of their 1.6 billion leaked records and to their senders. When asked about the MySpace breach, they wrote they don’t know who should be held responsible, but “once data gets traded a few times, eventually it will make its way to somebody who is not trustworthy to keep it a secret, and then it will spread like branches of a tree.”