427 million Myspace passwords leaked online in breach

Screenshot of the data listing via Motherboard

Myspace, a popular social network in the music industry, is the latest subject in a growing list of user information leaks. This latest pool of data includes email addresses, one or more passwords and a username.

Over 427 million passwords are included in the data set, with 360 million email addresses. The discrepancy is caused by some accounts having a secondary password. Passwords were hashed with the SHA-1 algorithm, which is a compromised and insecure cryptographic function; the passwords were not salted.

Along with the lack of secure methods being used to store passwords, many users did not use secure passwords, as they did not contain uppercase letters or were less than 10 characters in length, making it easier to guess the password, through a method known as brute-force. Here's a selection of just some of the top passwords used:

  • homelesspa - 855,478 uses
  • password1 - 585,503 uses
  • abc123 - 569,825 uses

The data is believed to have come from an old breach, that went unreported and undetected. It is on sale in the online underground for $2,800. The information was discovered by LeakedSource, who conducted several online deep-searches and followed-up rumours of data being traded on the dark web.

You can find out if you've been involved in this latest leak by using LeakedSource's online data search engine. Other recent leaks involve an online hardcore fetish forum, including government-issued email addresses and LinkedIn, with 167 million accounts leaked.

Source: LeakedSource via Motherboard

Report a problem with article
hacked-splash
Next Article

'Hacked?' for Windows 10 lets you quickly check if you're involved in a data breach

gamelibrary1
Previous Article

This Weekend's PC Game Deals: Plenty of AAA titles are available on the cheap

34 Comments - Add comment

Advertisement