427 million passwords revealed in MySpace hack
MySpace is all but dead to most, but the failed social network is now wreaking havoc from beyond the grave. LeakedSource, a search engine specialising in data obtained via breaches, has revealed that MySpace was hacked, compromising the personal information of over 360 million users. It is not yet clear when the breach occurred, and why MySpace never reported it.
The information was provided to LeakedSource via an anonymous hacker. While MySpace has yet to make a public statement in regards to the hack, CyberShack was able to find a number of accounts associated with its staff members in the leaked database, suggesting a certain amount of legitimacy.
While most have abandoned MySpace in favour of the likes of Facebook, Instagram, Twitter, and Snapchat, the original social network still gets around 50 million monthly visitors (which is still paltry when compared to Facebook's 1.65 billion monthly active users). Even if you're not still using MySpace, there's a risk that the password you used for your old account is the same as what you’ve used for other online profiles.
Over 360 million accounts were stored in the hacked database, with 427 million passwords between them (a number of users had a secondary password). Passwords were stored with SHA1 encryption, but not salted (a salt is a chunk of randomly generated data added to passwords before they are encrypted, which makes them harder to crack). While this a step above storing passwords as plain text, the encryption is quite weak, and means passwords can easily be decrypted.
LeakedSource says "homelessspa" was the most common password in the leak, due to the fact it's the default for new accounts. "password1", "abc123", "123456," and "myspace1" made up the remainder of the top five.
LeakedSource has a free search tool that let allows anyone to check if their username or email appears in a breach, but seeing full details (such as what password is associated with that account) requires a paid subscription. One day of access is billed at USD$4.