UPDATED 23:04 EDT / MAY 29 2016


427 million hacked MySpace usernames and passwords make their way online

If you’ve ever had a MySpace account it’s time to be concerned, with a revelation that 427 million usernames and passwords have been hacked from the site.

LeakedSource, a site that gathers leaked data and places it into a searchable database, claims that the MySpace user information was provided to them by an anonymous user with an email address linked to a Russian-language exploit chat site.

The leaked dataset includes “an email address, a username, one password and in some cases a second password.”

There are said to be exactly 360,213,024 email IDs and 427,484,128 passwords in the data; of the 360 million accounts, 111,341,258 had a username attached and 68,493,651 had a secondary password.

The inclusion of unencrypted passwords in the data set is said to be due to the fact that the passwords were stored as SHA1 hashes with no salting; as LeakedSource explains:

“Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these. The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it’s not encryption at all.

Making the situation worse, the site went on to explain that very few passwords were over 10 characters in length and nearly none contained an upper case character which made the data easier for people to decrypt.
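To illustrate the storage weakness described above, here is an added example (not code from MySpace, LeakedSource or the original article) that puts bare SHA1 storage beside a salted, deliberately slow alternative. The account data is constructed, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations is an assumption, not something the article specifies.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the leak); two users share a password.
ACCOUNTS = [("alice", "password1"), ("bob", "password1"), ("carol", "Tr0ub4dor&3x")]

def store_unsalted_sha1(password):
    """The weak scheme the article describes: bare SHA1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_salted_pbkdf2(password, iterations=600_000):
    """Hardened form: per-user random salt plus a slow key-derivation function.
    The iteration count is an assumed default; tune it to your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_digest_accounts(stored):
    """Audit check: how many accounts hold a stored value that another
    account also holds. Any non-zero result means identical passwords are
    visible in the table, the signature of unsalted hashing."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)

if __name__ == "__main__":
    weak = {user: store_unsalted_sha1(pw) for user, pw in ACCOUNTS}
    strong = {user: store_salted_pbkdf2(pw) for user, pw in ACCOUNTS}
    print("unsalted SHA1, accounts sharing a digest:", shared_digest_accounts(weak))
    print("salted PBKDF2, accounts sharing a digest:", shared_digest_accounts(strong))
    print("login still verifies:", verify_salted_pbkdf2("password1", strong["alice"]))
```

Without a salt, every account that chose the same password stores the same digest, so the work of recovering one password is paid once for all of them; with a per-user salt each record has to be worked on separately.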

Real data

LeakedSource charges for access to full records, so it’s impossible to confirm all the figures in the data; however, Motherboard was able to verify that five staffers’ MySpace credentials were present in the data.

Using a similar test (you can confirm whether data is present via LeakedSource’s search facility), SiliconANGLE was able to confirm, via both a username and email search, that user credentials were definitely there.

To make matters worse, the person behind the hack of MySpace data has put the full data set up for sale on the dark web market The Real Deal with an asking price of 6 Bitcoin, the equivalent of $3,148 at the time of writing.

Usually, with a hack of a site it would be recommended that you change your password on the affected site, but despite growing in numbers since relaunching as a music sharing site, few people today actually use the service, and the hack itself would appear to have occurred some years ago.

As always: practice safe internet and use a password that includes upper and lower case letters, numbers and symbols versus the most popular passwords used by MySpace users according to LeakedSource (see image right).

Image credit: blmurch/Flickr/CC by 2.0
