Home >> Technology

Cluster of 'megabreaches' compromises 642 million passwords

At least three more breaches have been discovered by security researchers involving MySpace, Tumblr, and dating website Fling, less than two weeks after over 177 million LinkedIn user passwords were compromised.

Cluster of 'megabreaches' compromises 642 million passwords

The security researchers said the total number of compromised accounts is now over 642 million.

"Any one of these 4 I'm going to talk about on their own would be notable, but to see a cluster of them appear together is quite intriguing," security researcher Troy Hunt observed on Monday.

The cluster involves breaches happened to Fling in 2011, to LinkedIn in 2012, and to Tumblr 2013. The researchers are still unclear about when the MySpace hack took place, but Hunt, operator of the Have I been pwned? breach notification service, said it surely happened sometime after 2007 and before 2012.

"There are some really interesting patterns emerging here. One is obviously the age; the newest breach of this recent spate is still more than 3 years old. This data has been lying dormant (or at least out of public sight) for long periods of time. The other is the size and these 4 breaches are all in the top 5 largest ones HIBP has ever seen. That's out of 109 breaches to date, too. Not only that, but these 4 incidents account for two thirds of all the data in the system, or least they will once MySpace turns up. Then there's the fact that it's all appearing within a very short period of time - all just this month. There's been some catalyst that has brought these breaches to light and to see them all fit this mould and appear in such a short period of time, I can't help but wonder if they're perhaps related," he added.