An organization in which specializes in maintaining a searchable database of thousands of credentials had leaked into a massive data breach. Today, it has exposed that they have added over 427 million user’s records to their immense database. Earlier this week, they have also added 167 million LinkedIn accounts.
Unfortunately, MySpace has not released any statements pertaining to this incident, as of now. If this is in fact confirmed, the MySpace massive database breach will be one of the globes largest breaches up to date.
There is a rough total of 360,213,024 users that was included in the breach; details that are contained within the users private information included user names, email address, and even passwords.
Just like we can see in the previous case of LinkedIn’s breach, the data was not uniform. The LeakeSources analysts state that they had found 427,484,128 user passwords. However, not all of the victim accounts where attached, and some accounts had also had a secondary passwords, while other had a secondary password without a primary password. We can also see that some database entries had also contained just a single password.
The company, LeakedSource, stated that the passwords had in fact been encrypted with SHA1 encryption. However, they were not salted. Due to the lack of added security, LeakedSource analysts were then able to crack several of the passwords.
The bright side of all of this: users can request that their information to be removed from their data.
The company has also stated that the data collected from an anonymous hacker, is known as Jabber. There are also large listings on the Dark Web, claiming to sell the MySpace database.
LeakedSource claims that social media users are extremely uncomfortable with the open knowledge listing on their database, nor the idea of selling personal information on the Dark Web. And for those in which are seeking their information to be removed from the list, you can send the staff an email. Nevertheless, the data has been listed on the site and is already for sale. Those who have already seen the list, and those who have purchased it, already has access to your social media account. The best solution to protecting your online social media account is to create a new and strong password with a combination of numbers, letters, and symbols.
We can see below, we have some tables that host the top MySpace passwords, as well as the top email domains. Please take note, that the first entry “homelesspa” was in fact automatically generated for several accounts. in which had the same email format. This is possibly due to bots or even fake users.
Top 20 MySpace Passwords:
Rank: | Password: | Frequency: |
1 | Homelesspa | 855,478 |
2 | Password1 | 585,503 |
3 | abc123 | 569,825 |
4 | 123456 | 487,915 |
5 | myspace1 | 276,915 |
6 | 123456a | 244,641 |
7 | 123456789 | 191,016 |
8 | a123456 | 165,132 |
9 | 123abc | 159,700 |
10 | (POSSIBLY INVALID) | 158,462 |
11 | qwerty1 | 141,110 |
12 | passer2009 | 130,740 |
13 | fuckyou1 | 125,302 |
14 | iloveyou1 | 123,668 |
15 | princess1 | 114,107 |
16 | 12345a | 111,818 |
17 | monkey1 | 106,424 |
18 | football1 | 101,149 |
19 | babygirl1 | 90,685 |
20 | love123 | 88,756 |
Top 20 MySpace User Email Domains:
Rank: | Email Domain: | Frequency: |
1 | @yahoo.com | 126,053,325 |
2 | @hotmail.com | 79,747,231 |
3 | @gmail.com | 25,190,557 |
4 | @aol.com | 24,115,704 |
5 | @aim.com | 5,345,585 |
6 | @live.com | 4,728,497 |
7 | @hotmail.co.uk | 4,701,850 |
8 | @msn.com | 4,378,167 |
9 | @myspace.com | 4,257,451 |
10 | @comcast.net | 3,257,451 |
11 | @ymail.com | 3,275,651 |
12 | @sbcglobal.net | 2,793,292 |
13 | @hotmail.fr | 2,793,292 |
14 | @web.de | 1,486,602 |
15 | @rocketmail.com | 1,420,819 |
16 | @yahoo.co.uk | 1,384,943 |
17 | @verizon.net | 1,255,478 |
18 | @cox.net | 1,082,304 |
19 | @mail.ru | 1,040,442 |
20 | @hotmail.it | 1,018,406 |
Sources: Softpedia, LeakedSource.
This article (MySpace Data Breach Exposing 427 Million Passwords) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.