NEWS
NEWS
NEWS
427 million hacked MySpace usernames and passwords make their way online
If you’ve ever had a MySpace account it’s time to be concerned, with a revelation that 427 million usernames and passwords have been hacked from the site.
LeakedSource, a site that gathers leaked data and places it into a searchable database, claims that the MySpace user information was provided to them by an anonymous user with an email address linked to a Russian-language exploit chat site.
The leak dataset includes “an email address, a username, one password and in some cases a second password.”
There are said to be exactly 360,213,024 million email IDs and 427,484,128 passwords in the data, and that of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password.
The inclusion of unencrypted passwords in the data set is said to be due to the fact the passwords were stored in SHA1 with no salting; as LeakedSource explains:
“Salting” makes decrypting passwords exponentially harder when dealing with large numbers of passwords such as these. The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it’s not encryption at all.
Making the situation worse, the site went on to explain that very few passwords were over 10 characters in length and nearly none contained an upper case character which made the data easier for people to decrypt.
Real data
LeakedSource charges for access to full records, so it’s impossible to confirm all the figures in the data, however, Motherboard was able to verify that five staffers’ MySpace credentials were present in the data.
Using a similar test (you can confirm whether data is present via LeakSource’s search facility) SiliconANGLE was able to confirm, via both a username and email search, that user credentials were definitely there.
To make matters worse, the person behind the hack of MySpace data has put the full data set up for sale on the dark web market The Real Deal with an asking price of 6 Bitcoin, the equivalent of $3,148 at the time of writing.
Usually, with a hack of a site it would be recommended that you change your password on the affected site, but despite growing in numbers since relaunching as a music sharing site, few people today actually use the service, and the hack itself would appear to have occurred some years ago.
As always: practice safe internet and use a password that includes upper and lower case letters, numbers and symbols versus the most popular passwords used by MySpace users according to LeadedSource (see image right).
Image credit: blmurch/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
