Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

AP Photo/Mark Lennihan

Remember MySpace? If you joined it before, you will want to revisit it quickly

Over 360 million records have been said to be leaked, which would make it one of the biggest leaks of passwords ever.

MYSPACE MIGHT NOT have been relevant for a number of years now, relaunches and changing owners has not helped matters, but it’s back for the wrong reasons.

LeakedSource, the same company which compiled a database of the most used passwords gathered from the LinkedIn hack, has compiled another database with leaked MySpace passwords.

If the data is accurate, it would be one of the largest password leaks to happen with more than 360 million records in the database. It is not known when this breach happened, but it likely happened a few years back.

Why is such an old website relevant now? It’s because if you had an account with it, chances are it’s linked to your current email address, and if you think passwords standards now aren’t great, the ones used back in 2008 are even worse according to LeakedSource.

The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption… we noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt.

The other noticeable factor was the number of accounts with the password ‘homelesspa’, which is assumed to be automatically generated as all the emails that used it followed the same format.

Apart from that, the list of popular bad passwords shared a lot of similarities with other lists. The likes of ‘password1′, ‘abc123′, ’123456′ and ‘myspace1′ topped the list while ‘@Yahoo.com’ was the most popular email domain used with 126 million accounts using it.

According to Vice Motherboard, a hacker named Peace has put the data up for sale for the price of six bitcoins (roughly €2,928) on the darknet. The hacker also did the same thing with LinkedIn data which was leaked recently.

‘Mega breaches’

Another site that has fallen victim to the same problem is Tumblr where 65 million accounts have been discovered for sale on the darknet.

The database includes email accounts and passwords, but unlike MySpace, the measures Tumblr took to protect its passwords means it will be incredibly difficult to crack them.

Wall Street Tumblr Tumblr is another site said to be hacked with data already on sale on the darknet. AP Photo / Mark Lennihan AP Photo / Mark Lennihan / Mark Lennihan

All passwords were ’hashed’, a process where a password is turned into a different string of digits, and ‘salted’, which adds a random string to a password before it’s hashed.

One security research Troy Hunt who runs haveibeenpwned (HIBP), a service which keeps a record of database breaches and notifies those affected, said there was a trend of old breaches only emerging now and could mark the beginning of ‘mega breaches’ being revealed.

“This data has been lying dormant (or at least out of public sight) for long periods of time,” he said in a blog post. “And these four breaches (LinkedIn, Flirt, Tumblr and MySpace) are all in the top five largest ones HIBP has ever seen. That’s out of 109 breaches to date, too”.

If this indeed is a trend, where does it end? What more is in store that we haven’t already seen? And for that matter, even if these events don’t all correlate to the same source and we’re merely looking at coincidental timing of releases, how many more are there in the ‘mega’ category that are simply sitting there in the clutches of various unknown parties?

Read: There’s a way to set a sleep timer for your music apps >

Read: This Pong table is trying to bring the classic arcade game into the real world >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Quinton O'Reilly
View 13 comments
Close
13 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds