Myspace Account Details Stolen in Cyber Attack

Myspace, though mostly forgotten, is not gone – while it has been rendered obsolete by Facebook and other social media behemoths, its user account data still lives and thrives to this day. Unfortunately, that also means these accounts are just as vulnerable to cyber attacks as those on any other website: recently, it was reported that hundreds of millions of Myspace usernames and their attached passwords were put up for sale online. Sound familiar? Last week we wrote about a very similar occurrence with LinkedIn. So, despite Myspace’s slump into Internet oblivion, this current situation raises the question of whether data really loses value as it ages, or if it is preserved in the ether.

Apart from its acquisition by Time Inc. (which bought Viant, the social media company’s current owner), Myspace doesn’t have the same street cred as it did back in the day. But that didn’t stop hackers from stealing millions of accounts – anywhere from 360 to 427 million user accounts are currently for sale online or in the hands of “Peace”, the initiating attacker. It should also be noted that “Peace” is the same hacker who infiltrated LinkedIn and put their data up for sale this year.

There are other rather significant commonalities between the LinkedIn and Myspace attacks as well: one, that the stolen data may not be up to date, and two, that the passwords were not securely stored. There isn’t a surefire way to determine which details are current or not, but Myspace is already taking the appropriate steps and alerting as many users as possible to change their passwords and monitor accounts. The passwords were in the same format as those from LinkedIn – unsalted SHA-1 hashes – and therefore easier to crack. The password security used at the time was the most advanced available; it has morphed into a much stronger position since then.

Though this is being billed as the largest data breach due to pure volume alone, it is by no means the most detrimental. However, from a company standpoint no one wants to send the dreaded email about a cyber security breach; from a user standpoint, no one wants to receive that message! Cyber security monitoring is key on both the company and user sides – educating everyone from employees to website visitors and beyond will make the user experience safer and keep a company’s cyber security safe and intact.

Stolen Passwords from LinkedIn Resurface on the Dark Web

If any one of your account passwords had been stolen, would you be able to put a price on it? Plenty of stolen passwords, with and without usernames attached, are up for grabs across the Internet. The most recent treasure trove comes from a years-old LinkedIn security breach, showing that even after almost half a decade, past attacks are always lurking.

About four years ago, a great many passwords were stolen from LinkedIn. While initial numbers hovered at 6.5 million users’ details, the data currently for sale covers 167 million accounts. The (slight) silver lining is that only 117 million leaked user accounts have both usernames and passwords. The charming mastermind behind this sale, a user by the name of “Peace” (how ironic), is asking for 5 bitcoins – the equivalent of USD$2,300. Though no one has stepped up to buy the bundle of stolen passwords and usernames just yet, it’s only a matter of time. Plus, it should be noted that these passwords are “unsalted SHA-1 hashes” – they lack the “salt”, or extraneous data sometimes attached to passwords that would normally make them harder to crack.
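Why the unsalted SHA-1 hashes mentioned here, and in the Myspace article above, are easier to crack than salted ones, shown as an added Python example that is not from the original article or from either company. The user names, wordlist and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: no real accounts or leaked values.
USERS = {"alice": "linkedin", "bob": "linkedin", "carol": "password"}
WORDLIST = ["123456", "password", "linkedin", "myspace1"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def sha1_unsalted(password):
    """The weak scheme the article describes: a bare SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def crack_with_table(leaked, wordlist):
    """One precomputed table is reusable against every unsalted record."""
    table = {sha1_unsalted(word): word for word in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}

def hash_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)

def demo():
    weak = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    return {
        # Same password, same unsalted hash: duplicates are visible in the dump.
        "weak_duplicates": weak["alice"] == weak["bob"],
        "cracked": crack_with_table(weak, WORDLIST),
        # Same password, different salt: stored digests no longer match.
        "strong_duplicates": strong["alice"][1] == strong["bob"][1],
        "verify_ok": verify_salted("linkedin", *strong["alice"]),
        "verify_bad": verify_salted("password", *strong["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a per-user salt, a guess has to be recomputed for every account, and the slow key-derivation function makes each of those computations expensive.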

So, how is LinkedIn responding this time around? Besides releasing a blog post, LinkedIn also sent emails to users with specific information on changing passwords and setting up two-step verification. Creating a new password is one thing, but creating a strong password is what makes the difference – a lot of the passwords that leaked were as simple as “password” or “linkedin”. Instead, focus on replacing letters with numbers, random capitalization, punctuation marks or even using an entirely different language.

While this particular leak doesn’t have much to do with LinkedIn’s current security protocols, it shows that “protected” data from a leak four years prior managed to stay dormant and resurface – and for a price many would pay to exploit private personal details. This event makes a great argument for cyber security protection – whether you’re a big or small organization, any details can be stolen and posted online for the world to see if you don’t have the right cyber guards in place.