Hearing about breached data on social media accounts should not faze anyone anymore in this day and age. Even on social media networks that are not that popular anymore.
MySpace.com, the once popular social media network of the last decade was hacked, and data which contains close to 427 million passwords was leaked on the Internet. The information is up for sale on the dark web on the underground Internet market.
The leak was reported by LeakedSource, a search engine that is popular with people who want to look for leaked data and records. LeakedSource said that they had the credentials of the leak when they announced the breach of the MySpace data.
LeakedSource announced on the 27th of May that the data set they had with them had close to 360 million records. Each record which was in their position contained a username, a password and in some instances even had a second password. LeakedSources also said that from their dataset, from the 360 million accounts, nearly 112 million accounts had a username that was on it, a further 69 million of the accounts in the breached data contained a secondary password.
The hacked data was reported to be in the hands of a hacker known in the industry as Peace also. Peace is synonymous with the LinkedIn hack also which he was selling for 5 Bitcoin or $2,200 on the dark web. Peace is reported to be selling the MySpace accounts on the Real Deal, which is a popular dark web market. The breached data is up for sale for 6 Bitcoin, which is around $2,800.
In an interview with reporters, Peace said that he intended to put the listing up for sale before anyone would start spreading the data to everyone. The details of the data breach are unclear at the moment, and questions such as when the breach took place, who did it and why are unknown.
LeakedSources proved that they had a copy of the information as they released some top 5 passwords that they said were being used by MySpace users. The top five of the passwords include homelesspa, password1, abc123, 123456, myspace1.
The passwords are said to have been encrypted by the Secure Hash Algorithm (SHA 1), which might have been secure at the time of the breach, but as of now people don’t value anymore. To add salt to injury, the passwords were not salted. Irony!
While it’s almost impossible to protect yourself against attacks on website you use, it’s always usefull to have a great VPN to add that extra layer of security.