In just the past couple of years, there have been several huge data breaches of the social media sites that millions of people across the globe use every day. In some cases, the data stolen is encrypted and inaccessible, but in others, the more sensitive information for millions of users–like email addresses or phone numbers–is available to the highest bidder. In these five social media breaches, the largest in internet history, one hacker was behind the keyboard. Known only as “Peace,” this hacker has been the one selling the stolen data, usual through a dark web commerce site (known as TheRealDeal) where users can use the cryptocurrency Bitcoin to buy and sell digital information. Here are the fives social media sites that experienced the largest data breaches.
1. MySpace – 360 million compromised accounts
Ah, the early 2000s. A simpler time before smartphones (as we know them) and before the social media mega-giants of today. Back between 2005 and 2008, MySpace was the king of the hill, and could call itself the largest social networking site in the world. Despite being eclipsed by Facebook in 2008, MySpace continued to hang around, recently reporting that it passed 1 billion registered users this year. In March of this year, the hacker “Peace” claimed to have access to the email addresses, usernames, and passwords of approximately 360 million MySpace users. Based on analysis of email domain frequency, the actual hack is more likely to have occurred back in 2008, with Peace just now deciding to make the breach public. It’s unknown what the motive was, although user-data like that is always good for something in a world where personal data is frequently bought and sold.
2. LinkedIn – 117 million
LinkedIn has done well filling the niche left open by the need for a truly professional social network, a role that you might assume means they have beefed up their security to keep corporations and executives’ personal contact info from prying eyes. Unfortunately, that hasn’t been the case. Peace claims to be the one with access to the account information of approximately 117 million LinkedIn users. As with the MySpace hack, Peace attempted to sell the data he acquired—for only $2,200. This is also one of the few hacks that turned out worse than they initially looked; LinkedIn was hacked back in 2012, and while Peace claims his data comes from the same breach, only around 6.5 million accounts were reported as compromised at the time.
3. VK – 100 million
If you’ve never heard of VK (formerly VKontakte), don’t worry. Primarily filled with Russian-speaking users, VK is a European social media networking site that was started in 2003 and that offers several Facebook-like features, such as private messaging, groups, and even a “Like” button (though it’s more akin to a “save for later” function). In 2012, VK was breached, and it wasn’t until just recently that the account information was put up for sale. The usernames, passwords, and email addresses of just over 100 million accounts were stolen, and since VK now requires users to input a phone number when registering, many users’ phone numbers were also stolen. Peace is once again responsible; he listed this information for sale for 1 Bitcoin (around $650 at the time of this writing). Peace also claims to have access to 71 million more accounts. Why he hasn’t tried to sell them yet is anybody’s guess.
4. Tumblr – 65 million
Tumblr has been successful as a hybrid social media and blogging platform, selling to Yahoo! for over $1 billion in 2013. Prior to that acquisition, however, Tumblr suffered a data breach that resulted in approximately 65 million accounts being compromised. Peace once claimed possession of the stolen data, though in this case the encryption, called SHA1, rendered most of the data useless without a key. Because of this encryption, Peace sold the data for only $150.
5. Fling.com – 40 million
Fling.com is an adult social networking site that (in some ways) aims to act as a hook-up service for adults looking for a little fun. The reported 50 million users on Fling include their sexual preferences, orientation, and fantasies in their profiles, making the data breached a bit more sensitive (as in the Ashley Madison hack from 2015). Peace was also behind this one, selling the data from the 40 million compromised accounts for around $400 (in Bitcoin, of course). It always pays to be careful where you share your information; otherwise your darkest desires may end up on the dark web.
Public Domain images from Pixabay.com