Millions of MySpace accounts stolen before June 11, 2013, are being illegally sold online on a hacker forum, as parent company Time Inc. confirmed Monday. This marks the largest data breach in the history of the Internet, and the Russian cyberhacker whose nickname is Peace was responsible for it. He is also behind the attacks against LinkedIn and Tumblr.
About 360 million accounts are affected, according to a report from LeakedSource.com. Each record in this data set contains an email address, a password and, in some cases, a second password, TechCrunch reported. It means that there are as many as 427 million total passwords being sold on the dark web.
It is known that 117 million LinkedIn emails and passwords surfaced online from a hack carried out in 2012. In Tumblr’s case, 65 million accounts were affected. But MySpace’s data breach consists of as much as 33 gigabytes of data being sold online.
Time said that these accounts are from the platform’s user base before the moment in which MySpace was redesigned with extra security measures.
Time, which bought MySpace and other properties earlier this year when it acquired Viant, said most of these accounts might not be active, and users may not remember the passwords they used on MySpace, but they are still vulnerable. Because many people tend to use the same passwords for multiple online accounts, most of the users involved in the data breach may be at risk because hackers could crack their current accounts.
MySpace announced in a blog post on Tuesday that all the affected passwords have been disabled to make it impossible for any hacker to use the leaked data to gain access to accounts without authorization. Each of the users involved in the data breach is receiving a notification, and the firm is using its automated tools to detect signs of suspicious activity on MySpace accounts and block it.
Time, Inc. was able to date the data breach to some degree thanks to the fact that the passwords were stored as unsalted SHA-1 hashes, just like LinkedIn’s. The company said the hack does not affect any of its other systems and that the leaked information does not include users’ financial data.
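The storage weakness named above, shown next to a salted, slow alternative. This is an added example, not MySpace's code; the user names, passwords, function names and PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def legacy_sha1(password):
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


def shared_digest_groups(records):
    """Audit helper: groups of users whose stored values are identical."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts; alice and bob chose the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}


def demo():
    legacy = {u: legacy_sha1(p) for u, p in USERS.items()}
    salted = {u: hash_password(p) for u, p in USERS.items()}
    salted_hex = {u: (s + d).hex() for u, (s, d) in salted.items()}
    # Unsalted: one recovered password exposes every account in the group.
    # Salted: identical passwords are stored as unrelated values.
    return shared_digest_groups(legacy), shared_digest_groups(salted_hex), salted


if __name__ == "__main__":
    legacy_groups, salted_groups, _ = demo()
    print("unsalted SHA-1 collisions:", legacy_groups)
    print("salted PBKDF2 collisions:", salted_groups)
```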
“We take the security and privacy of customer data and information extremely seriously—especially in an age when malicious hackers are increasingly sophisticated and breaches across all industries have become all too common,” MySpace’s CFO Jeff Bairstow declared in a statement, as quoted by TechCrunch.
MySpace said the case is currently under investigation and that it is working closely with authorities.
Hackers can easily gain unauthorized access to users’ data, particularly when they have the same username and password for multiple online services. It is comparable to using the same car key to open all doors at home and the office, meaning that if a criminal finds that single key, he or she will then be able to steal every object found in all those areas.
Experts recommend that users of all online accounts choose complicated passwords that combine different types of characters and reset them periodically. Users who find it too hard to remember so many different passwords can also start using the password management tools currently available on the market. Nowadays, with so many user-friendly technologies, there are no excuses when it comes to protecting online accounts.
Hack Brief: Your old Myspace account just came back to haunt you https://t.co/OPruFS0TEv
— WIRED (@WIRED) May 31, 2016