Myspace, a popular social network in the music industry, is the latest subject in a growing list of user information leaks. This latest pool of data includes email addresses, one or more passwords and a username.
Over 427 million passwords are included in the data set, with 360 million email addresses. The discrepancy is caused by some accounts having a secondary password. Passwords were hashed with the SHA-1 algorithm, which is a compromised and insecure cryptographic function; the passwords were not salted.
Along with the lack of secure methods being used to store passwords, many users did not use secure passwords, as they did not contain uppercase letters or were less than 10 characters in length, making it easier to guess the password, through a method known as brute-force. Here's a selection of just some of the top passwords used:
- homelesspa - 855,478 uses
- password1 - 585,503 uses
- abc123 - 569,825 uses
The data is believed to have come from an old breach, that went unreported and undetected. It is on sale in the online underground for $2,800. The information was discovered by LeakedSource, who conducted several online deep-searches and followed-up rumours of data being traded on the dark web.
You can find out if you've been involved in this latest leak by using LeakedSource's online data search engine. Other recent leaks involve an online hardcore fetish forum, including government-issued email addresses and LinkedIn, with 167 million accounts leaked.