More Than 427 Million MySpace Passwords Get Leaked, Hacker Selling Them For 6 Bitcoin
If you have an account on MySpace.com, you have to know that more than 427 million passwords of this social network have been leaked on the Internet, and that the hacker has put them up for sale on the dark Web market.
The big news comes from LeakedSource, a popular search engine that specializes in leaked records, which says that MySpace was hacked and that it has the copy of the credentials.
The collection of leaked MySpace data was handed over to LeakedSource by Tessa88@exploit.im.
"This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password," says LeakedSource on May 27. "Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password."
A report from Motherboard says that the hacker named Peace, who sold millions of LinkedIn user data a few days ago, is also the one who put the MySpace hacked data up for sale on The Real Deal, a dark Web market. Peace is selling the stolen emails and passwords for 6 bitcoin that is equivalent to about $2,800. As a point of comparison, the hacker is selling the 117 million LinkedIn accounts for 5 bitcoin or around $2,200.
"I'll put listing for sale before idiots start spreading it," the hacker told Motherboard.
It is not clear when the breach took place, but both Peace and LeakedSource claim that the data originated from a previous unreported hacking incident.
Top Passwords Used By MySpace Users
LeakedSource revealed the top passwords that were used on MySpace. On top of the list include:
These leaked passwords were encrypted with the so-called Secure Hash Algorithm (SHA 1), which is no longer deemed secure. The passwords were not salted as well. In simple terms, salt is a data that is generated in a random manner. This is added into passwords prior to encryption so they will be trickier to crack.
LeakedSource says that once users' details show up in the MySpace database, they may send the site a request to have the data removed at no cost.