June 1, 2016 by

Nearly Half a BILLION Passwords Stolen in MySpace Breach

In what could prove to be one of the biggest data breaches of all time, Time Inc., has confirmed that Myspace, the social media website that it owns, had been hacked.

Myspace, one of the earliest social media websites and communities is now confirmed as the victim of a 2013 breach by its parent company, Time Inc.

The database of the breached Myspace server was put up for sale by a hacker known as “Peace.”

Motherboard, in communications with Peace and paid hacked-data search engine LeakedSource, revealed that the database contains 427,484,128 passwords. However, only 360 million user emails were acquired from the database, due to some accounts having two passwords.

A summary of the data set put up by LeakedSource reads:

This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password.

Time Inc. confirmed the June 2013 breach of Myspace, noting that the compromised data was “limited to a portion of Myspace usernames, passwords and email addresses.”

Related read: 65 Million Email Credentials Stolen from Tumblr Breach

The parent company insisted that the breach did not affect any Time Inc. systems, subscriber information or other media properties.

Some of the top passwords as revealed by LeakedSource are:

Homelesspa, password1, abc123, 123456, myspace1, 123456a, 123456789, a123456, 123abc and qwerty1, among others.

Significantly, the passwords were stored in SHA1, with no salting. The lack of security enforced makes it exponentially easier for malicious hackers to crack and decipher the passwords in plaintext, as evident by those revealed by LeakedSource.

With 427 million stolen passwords, the incident could represent one of the largest breaches of all time. In comparison, LinkedIn’s breach exposed nearly 120 million user credentials, while the Tumblr breach saw 65 million compromised passwords.

To check the security status of your online accounts, LIFARS recommends the hacked-records database Have I Been Pwned?, a useful tool to check on your accounts.

Images credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Pizza Hut Suffers Customer Card Breach, Discloses Hack 2 Weeks Later

Pizza chain Pizaa Hut was hacked on October 1st and October 2nd this month with hackers stealing...

Read more arrow_forward

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...

Read more arrow_forward

Weebly Hack Sees 43 Million User Credentials Stolen

San Francisco-based Weebly.com, a “drag-n-drop” website creator has seen its main...

Read more arrow_forward