14 Aug Why It’s Easier To Fail With WellHello Than You Might Think
This "set" of account compromised from the Tumblr hack was really 65 million. Perhaps I Been Pwned added yet another 40 million in the ‘dating’ hookup site WellHello. The MySpace hack had more than 360 million email addresses in it.
Your message has been sent.
There was an error emailing this page.
After signing up for Have I Been Pwned? When Troy Hunt began the site from 2013, I had received no notifications about any account being compromised at a data breach. I get two notifications for 2 individual breaches in a relatively brief time. The one today was about Tumblr, an account I barely remember even registering for.
More than 65 million Tumblr accounts compromised.
Tumblr maintained "a third party had got access to some set of Tumblr user email addresses using salted and hashed passwords from ancient 2013. " The truth is, according to the HIBP notification, is that 65,469,298 individuals were pwned from the Tumblr data breach from February 2013; the compromised data contained email addresses and addresses.
To put it differently, dumped data from another old hack came out of nowhere and jumped WellHello review to number three at HIBP’s top 10 breaches.
Peace told Motherboard that Tumblr had utilized SHA1 to hash the passwords and also used salt, making them hard to crack. The data is "essentially only a list of mails " and "he was only able to sell it for $150. "
More than 40 million WellHello accounts compromised.
Before adding the Tumblr accounts to HIBP, safety researcher Troy Hunt reported he had only added 40,767,652 compromised records from WellHello, which is not safe for work or about children if you click on it.
Information from mega breaches no more ‘dormant’
The LinkedIn hack of 2012 supposedly exposed 6.2 million password hashes, but ended up missing the mark with a tremendous amount since a hacker was selling 167 million LinkedIn consumer records. 117 million had passwords, which were saved in SHA1 free of salting.
Then there’s more than 65 million accounts compromised from Tumblr and over 40 million in WellHello. "This data has been lying dormant (or at least out of public sight) for long periods of time," Hunt wrote.
Although the overall records inserted to HIBP in the last six times is 269 million, Hunt stated all of those hottest hacks will "pale compared " once he gets hold of and provides the compromised MySpace records.
The MySpace hack comprised over 360 million email addresses in it.
LeakedSource reported that the "data set contains 360,213,024 records. Each document may contain an email address, a username, one password and in some cases a password. Of the 360 million, 111,341,258 accounts needed a username attached to it and 68,493,651 needed a secondary password. "
The data, which was supplied by "Tessa88," comprised 427,484,128 total passwords that were saved in SHA1 free of salting. " MySpace had chosen to not respond when contacted, so LeakedSource has comprised a listing of top Accounts as well as the top email domains.
LeakedSource, that has accumulated over 1.6 billion recordings, has research capabilities. If you locate your personal information in the leaked databases, you can contact LeakedSource and ask for it to be "removed at no charge. "
This "trend" of data being marketed from really old hacks has Hunt "really curious. " He wrote, "Even if these events don’t correlate to the identical source and we’re merely looking at that timing of releases, just how many more are there at the ‘mega’ category that are sitting there in the clutches of various parties that are unknown? "
Darlene Storm (not her real name) is a freelance writer with a background in information technology and information security.