360 Million MySpace Accounts Have Been Leaked Online

Remember MySpace? It was the place people went to carve out garish online identities before Facebook made everything clean and homogeneous. If you used to have an account, there's a pretty good chance that your login details have been hacked: LeakedSource is boasting it has the passwords for over 360 million MySpace accounts. (That's a lot of shrines to bad '90s bands and angsty teen poetry.)

LeakedSource has unleashed precisely 360,213,023 MySpace accounts into the wild following a data dump by hacker "[email protected]". According to the leaked database purveyor, each record may contain an email address, a username, one password and in some cases a second password.

MySpace's stored passwords were encrypted by Secure Hash Algorithm 1 (SHA1), a program designed by the United States National Security Agency which produces a 160-bit (20-byte) hash value known as a message digest. A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long. This form of encryption is no longer considered secure against hackers who know what they are doing.

"The methods MySpace used for storing passwords are not what internet standards propose and is very weak encryption or some would say it's not encryption at all but it gets worse," LeakedSource explained on its blog. "We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt."

Adding to this, many of the passwords were stupidly easy for a human to guess: "password1" appears 585,503 times, "abc123" appears 569,825 times and "myspace1" appears 276,915 times. The most prolific password of all was "homelesspa" which is MySpace's default password. Oh dear.

You can search for yourself in the leaked MySpace.com database by typing your username into LeakedSource's homepage. If your personal information appears in our copy of the MySpace database, or in any other leaked database that we possess, you may contact us and request to have it removed free of charge.

[Via LeakedSource]


Comments

Join the discussion!