Stolen Tumblr, MySpace, and Fling Passwords Posted Online

The same hacker who posted 120 million LinkedIn passwords online last week is now allegedly selling user records for millions of Tumblr, MySpace, and Fling accounts:

  • Social networking site MySpace was hacked in 2013; 360 million passwords have been compromised.
  • Social networking site Tumblr was hacked in 2013; 65 million passwords have been compromised.
  • Dating site Fling was hacked in 2011; 40 million passwords have been compromised.

If you have accounts on any of these websites and have not changed your passwords recently, you should do so as soon as possible. If you used your LinkedIn, MySpace, Tumblr, or Fling password for more than one account, you should change those passwords as well.

Note that companies often send out legitimate emails suggesting that customers whose information may have been compromised by data breaches change their passwords. Since criminals are aware of these breaches and may send out phish emails appearing to come from affected companies, it is important that you do not click links in any email asking you to update your login information, however legitimate they may appear. Instead, open a new browser window, type in the URL of the affected company, and change your password using the tools available on the website.

For more security best practices to protect your accounts against data breaches, including how to set a strong password, see our recommendations following the LinkedIn breach.

For more information about these breaches, see: