Your old social media accounts are back to haunt you.
Email addresses and passwords for MySpace accounts created before June 11, 2013, have been "made available" on a hacker forum, the social network said Tuesday. Tumblr logins from around the same time have also been posted, but those passwords are "salted and hashed," which means they're harder for a hacker to actually use.
If you’re not in the habit of updating passwords, now might be the time to start. Using the same password on multiple sites leaves you vulnerable when breaches like this happen. For example, if your Gmail password matches an old MySpace one, a bad actor could now gain access to your inbox and all of the private information stored within it.
The revelations come after LinkedIn announced this month that more than 100 million accounts were potentially compromised as a result of hacking.
The best practice is to use a unique password for every account you create online. And you should enable two-factor authentication when you can -- meaning you'll also have to input a separate password sent to a standalone device (like your mobile phone) when you log into a service for the first time.
To get a sense of whether your data is at risk, take a look at "have I been pwned?" It's a website that cybersecurity expert Troy Hunt compiled, which checks your email address against known breaches.
The example above used my personal email address. Unbeknownst to me, my data had potentially been exposed by a "Lord of the Rings Online" breach; frustrating since I only played the game a couple of times.
That's a helpful reminder, though. While online services can feel so quick and ephemeral, the data they generate is basically permanent.