Do you remember the hacker nicknamed Peace, who recently offered 117 million LinkedIn credentials for sale? The hacker is now doing the same with 65,469,298 million hashed and salted passwords, along with the email addresses, of Tumblr users. The credentials are from a 2013 data breach, prior to the acquisition of Tumblr by Yahoo. According to well-known researcher Troy Hunt, creator of the Have I Been Pwned project, the credentials were obtained during February 2013.
Tumblr released a statement earlier this month, on May 12, but didn’t specify the number of users affected:
We recently learned that a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013, prior to the acquisition of Tumblr by Yahoo. As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts. As a precaution, however, we will be requiring affected Tumblr users to set a new password.
The stolen user database is up for sale for pennies, again. Peace is offering it for 0.4255 Bitcoin. Even though it’s relatively hard to break the passwords, it’s still quite bothersome that 65 million email addresses are made available to hackers. Phishing and spam are just two out of many possible outcomes that may endanger Tumblr users’ personal information.
What Do All Recent Data Breaches (LinkedIn, MySpace, Fling, and Now Tumblr) Have In Common?
All of these data incidents took place several years ago, but their consequences are only beginning to surface today. Troy Hunt wrote a whole piece on the matter, titled The emergence of historical mega breaches. In addition, affected parties systematically fail to warn their users or take matters into their own hands as quickly as possible. Data breach prevention should be their top priority but is in fact more of a taboo.
There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than 3 years old. This data has been lying dormant (or at least out of public sight) for long periods of time.
The other is the size and these 4 breaches [LinkedIn, MySpace, Tumblr, Fling] are all in the top 5 largest ones HIBP [Have I Been Pwned] has ever seen. That’s out of 109 breaches to date, too. Not only that, but these 4 incidents account for two thirds of all the data in the system, or at least they will once MySpace turns up.
- The truth about all of these breaches became public within a month;
- The incidents happened in the past;
- The vendors failed to react accordingly;
- The leaked data is up for sale on the black market.
What does Troy Hunt think about all of these coincidences?
If this indeed is a trend, where does it end? What more is in store that we haven’t already seen? And for that matter, even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the “mega” category that are simply sitting there in the clutches of various unknown parties?