TechSpot

Myspace hack puts at least 360 million users at risk

By Shawn Knight
May 31, 2016
Post New Reply
  1. Time Inc., which recently acquired pioneering social network Myspace, has confirmed reports that the site was hacked. Like the Tumblr breach that we reported on yesterday, the compromised Myspace data dates back several years.

    Time said earlier today that it first became aware shortly before Memorial Day weekend that stolen Myspace credentials were being made available in an online hacker forum. The data, which consists of usernames, passwords and e-mail addresses, was apparently swiped from the old Myspace platform – or in other words, prior to June 11, 2013, when the site was relaunched with strengthened security.

    As of writing, Time says it doesn’t appear as though any financial data was compromised. What’s more, the breach does not impact any of Time’s other systems or subscribers.

    Myspace is in the process of notifying affected users and is working with law enforcement in hopes of figuring out who was behind the attack. The site has also wiped all of the passwords of impacted users so at the very least, the data can’t be used to log into Myspace.

    This is the second major security breach to surface this week in which the theft of data took place years earlier. Dated breaches like this may seem like less of a concern given their age but in fact, they present some unique challenges.

    With data this old, it’s entirely possible that it has already been picked through before being made available on the black market. Furthermore, people weren’t quite as concerned with security and privacy in early 2013 as they are today meaning passwords were probably a bit less complex on average. Using the same password across multiple sites was also more common back then and it’s entirely possible that some haven’t gone back and changed passwords for older accounts they might not use as often these days, like Myspace.

    The only real silver lining here is that yes, the data is old and is less likely to be up-to-date.

    In a post on Myspace’s blog, the site says it suspects Russian hacker “Peace” is responsible for the attack, the same person that recently posted LinkedIn and Tumblr data on the underground market.

    Neither Time nor Myspace would say how many accounts were compromised although a report from LeakedSource says the data set contains a whopping 360,213,024 records. Each “record” may contain a username, e-mail address, password and in some cases, a second password. The site notes that more than 68 million records had a second password attached.

    The publication further reports that passwords were hashed and stored using SHA1 encryption without salting. As you may know, salting is a technique that makes it much more difficult to crack passwords. Worse yet, LeakedSource reports that very few passwords were over 10 characters in length and nearly none of them contained an upper case letter, making them even easier to decrypt.

    Lead image courtesy Paul Hudson, Flickr

    Permalink to story.

     
  2. davislane1

    davislane1 TS Evangelist Posts: 3,564   +2,372

    That number is way bigger than I would have expected.
     
  3. mctommy

    mctommy TS Booster Posts: 190   +30

    Myspace is still alive?
     
    Ziffel, H3llion and wastedkill like this.
  4. p51d007

    p51d007 TS Evangelist Posts: 914   +391

    LOL, didn't even know myspace was still around.
     
  5. Arris

    Arris TS Evangelist Posts: 4,609   +295

    Hopefully they aren't using the same passwords for their active Facebook accounts...
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...