Pwned: 65 million Tumblr accounts, 40 million from Fling, 360 million from MySpace (2024)

Pwned: 65 million Tumblr accounts, 40 million from Fling, 360 million from MySpace (1)

byDarlene Storm

news analysis

May 30, 20163 mins

CybercrimeData and Information SecurityPrivacy

That "set" of accounts compromised in the Tumblr hack was actually 65 million. Have I Been Pwned added another 40 million from the 'dating' hookup site Fling. The MySpace hack had more than 360 million email addresses in it.

After signing up for Have I Been Pwned? when Troy Hunt started the site in 2013, I had received no notifications about any account being compromised in a data breach. But then whammo! I get two notifications for two separate breaches in a relatively short time. The one today was about Tumblr, an account I barely remember even signing up for.

Over 65 million Tumblr accounts compromised

Tumblr claimed “a third party had obtained access to a set of Tumblr user email addresses with salted and hashed passwords from early 2013.” The reality, according to the HIBP notification, is that 65,469,298 people were pwned in the Tumblr data breach from February 2013; the compromised data included email addresses and passwords.

In other words, dumped data from another old hack came out of nowhere and jumped to number three inHIBP’stop 10 breaches.

A hacker going by “peace_of_mind” was selling the Tumblr data on the darknet marketplace The Real Deal.

Peace told Motherboard that Tumblr had used SHA1 to hash the passwords and also used salt, making them hard to crack. The data is “essentially just a list of emails” and “he was only able to sell it for $150.”

Over 40 million Fling accounts compromised

Before adding the Tumblr accounts to HIBP, security researcher Troy Hunt reported that he had just added 40,767,652 compromised records from Fling, which is not safe for workor around children if you click on it. The Fling breach dated back to 2011.

“Peace” is also selling the compromised account data from Fling, LinkedIn, Tumblr and MySpace.

Data from mega breaches no longer ‘dormant’

The LinkedIn hack of 2012 supposedly exposed 6.2 million password hashes, but that ended up missing the mark by a tremendous amount since a hacker was selling 167 million LinkedIn user records. 117 million had passwords, which were stored in SHA1 with no salting.

Then there’s more than 65 million accounts compromised from Tumblr and over 40 million from Fling. “This data has been lying dormant (or at least out of public sight) for long periods of time,” Hunt wrote.

Although the total records added to HIBP in the last six days is 269 million, Hunt said all of those latest hacks will “pale in comparison” once he gets hold of and adds the compromised MySpace records.

MySpace hack

The MySpace hack contained over 360 million email addresses in it.

LeakedSource reported the “data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password.”

The data, which had been provided by “Tessa88,” included 427,484,128 total passwords that were stored in SHA1 with no salting. Sadly, “very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character.” MySpace had chosen not to respond when contacted, so LeakedSource has included a list of top passwords as well as the top email domains.

LeakedSource, which has accumulated over 1.6 billion records, has search capabilities. If you find your personal information in the leaked databases, you can contact LeakedSource and ask for it to be “removed free of charge.”

This “trend” of data being sold from really old hacks has Hunt “really curious.” He wrote, “Even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the ‘mega’ category that are simply sitting there in the clutches of various unknown parties?”

Related content

  • newsMeta signals the end of the road for Workplace The enterprise social network was used by millions of workers, but a shift in Meta’s priorities means the app will be phased out over the next two years.ByMatthew FinneganMay 15, 20243 minsFacebookCollaboration SoftwareProductivity Software
  • newsSoon, you’ll control your iPhone with a glance Apple has announced a range of accessibility features including Eye Tracking, Music Haptics, and more.ByJonny EvansMay 15, 20245 minsiPhoneiPadApple
  • newsOpenAI chief scientist Ilya Sutskever is leaving Sutskever pushed for CEO Sam Altman’s departure last year, putting him in an awkward position after Altman’s return.ByGyana SwainMay 15, 20243 minsGenerative AITechnology Industry


From our editors straight to your inbox

Get started by entering your email address below.

Pwned: 65 million Tumblr accounts, 40 million from Fling, 360 million from MySpace (2024)


What information was stolen from MySpace? ›

As reported in USA Today at the time of the Myspace breach, the data was limited to usernames, passwords and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.

Has Tumblr been hacked? ›

Personal information from more than 65m Tumblr accounts has been discovered for sale on the darknet. Tumblr disclosed the leak, which it says took place in early 2013, this month, but had not previously acknowledged the scale of the database that was compromised.

Have I been pwned safe? ›

How do I know the site isn't just harvesting searched email addresses? You don't, but it's not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you're concerned about the intent or security, don't use it.

Was Norton LifeLock hacked? ›

When Did This Breach Occur? The Norton LifeLock data breach occurred on December 1, 2022. At that time, an individual attempted to get into LifeLock customer accounts to take control of all their account information.

Does your old Myspace account still exist? ›

How to find your old Myspace profile. It's simple. Search for and then enter your name into their search bar - hey presto, there's your old profile. You do not need to know your old password or create a new password to access any "public" accounts.

How do I recover an old Myspace account? ›

If you forgot the email address you used to sign up with Myspace, you can use your Username to log into the account. You will be required to enter a password. If you don't remember your password, try Forgot Password.

Can Tumblr track you? ›

Tumblr may determine your location by using drone technology and live video feeds.

Why did everyone stop using Tumblr? ›

Tumblr's adult content ban

The decision, intended to broaden appeal, alienated a significant portion of the remaining user base. Many saw it as a betrayal of Tumblr's core values of openness and self-expression, arguing that adult content was an integral part of the platform's identity and community.

Is it bad to use Tumblr? ›

Rating: The dangers of Tumblr are essentially the same as every other major social media platform. It's not hard to find sexual content (more on that in a moment), violence, and cyberbullying. Additionally, Tumblr has gotten a bad rap for being the place to find self-harm and suicidal content in a glorified context.

Where can I check if I have been hacked? ›

Check your social media, email, and other accounts for suspicious logins or devices that you don't recognize. For example, you can use Google's Activity Log to see if anyone is logged into your Gmail account and then force them to sign out.

Is Have I Been Pwned free? ›

Anyone can access our Website and use our Free Services. However, you will not be able to access and use our Paid Services unless you purchase a Subscription. The Services and bundles we offer are available for your review and selection on our Website.

Was my phone number leaked? ›

How To Check If My Phone Number Is Leaked. Go to ID Protection Data Leak Checker and find out if your phone number appeared in any data leaks.

What is the mother of all breaches? ›

What are the 26 billion records breached? The 2024 massive breach, known as the Mother of All Breaches (MOAB), encompasses many data types, including usernames, passwords, and sensitive personal information.

What happened to NortonLifeLock? ›

NortonLifeLock and Avast recently merged to become one company and we have a new company name, Gen. Gen (NASDAQ: GEN) is a global company dedicated to powering Digital Freedom through its trusted Cyber Safety brands, Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner.

Does Norton 360 protect your phone from hackers? ›

Norton 360 for Mobile helps safeguard your Apple or Android devices against the threats posed by malware, hackers, and dangerous websites. Plus, it features a built-in VPN to keep your online activity secure and a dark web monitoring component to help alert you if your personal information is found on the dark web.

What is the 26 billion leaked data records? ›

A massive data breach leaked more than 26 billion records online, exposing information from some of the most-visited websites on the web. The team at, along with cyber researcher Bob Dyachenko, discovered those records.

What happened to the data from MySpace? ›

But buckle up millennials, because we've got some devastating news: Myspace has revealed that "any photos, videos, and audio files you uploaded more than three years ago" may well have been wiped after a server migration caused a massive data loss.

How many accounts suffered in MySpace data breach? ›

How many accounts were compromised? The breach impacted approximately 360 million user accounts, making it one of the largest data breaches at the time.

Who hacked MySpace 2016? ›

Myspace also confirmed that the hack is being attributed to the Russian cyberhacker who goes by the name “Peace.” This is the same person responsible for the LinkedIn and Tumblr attacks, too. In Tumblr's case, some 65 million plus accounts were affected.

Top Articles
Latest Posts
Article information

Author: Lilliana Bartoletti

Last Updated:

Views: 5651

Rating: 4.2 / 5 (53 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Lilliana Bartoletti

Birthday: 1999-11-18

Address: 58866 Tricia Spurs, North Melvinberg, HI 91346-3774

Phone: +50616620367928

Job: Real-Estate Liaison

Hobby: Graffiti, Astronomy, Handball, Magic, Origami, Fashion, Foreign language learning

Introduction: My name is Lilliana Bartoletti, I am a adventurous, pleasant, shiny, beautiful, handsome, zealous, tasty person who loves writing and wants to share my knowledge and understanding with you.